From volker at ixolution.de Thu Nov 1 08:07:25 2007
From: volker at ixolution.de (Volker Dormeyer)
Date: Thu, 1 Nov 2007 08:07:25 +0100
Subject: Decryption using Smartcard using CCID and PCSCD driver
Message-ID: <200711010807.26154.volker@ixolution.de>

Hi,

I'm experiencing problems decrypting an email I received recently. Decryption of other emails, even from the same sender, works fine, although the other recipients of this particular email don't seem to have a problem decrypting it. GPG tells me (recipients have been anonymised by xxxxxxxx, except myself):

volker at freedom:~$ gpg -v email.asc
gpg: armor header: Version: GnuPG v2.0.5 (GNU/Linux)
gpg: public key is xxxxxxxx
gpg: public key is 9107C5AC
gpg: using subkey 9107C5AC instead of primary key DB5349DB
gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.131
gpg: public key is xxxxxxxx
gpg: public key is xxxxxxxx
gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx
gpg: encrypted with 2048-bit RSA key, ID xxxxxxxx, created xxxxxxxx "other recipient "
gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx
gpg: encrypted with 1024-bit RSA key, ID xxxxxxxx, created xxxxxxxx "other recipient "
gpg: using subkey 9107C5AC instead of primary key DB5349DB
gpg: encrypted with 1024-bit RSA key, ID 9107C5AC, created 2005-08-31 "Volker Dormeyer "
gpg: public key decryption failed: general error
gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx
gpg: encrypted with 1024-bit RSA key, ID xxxxxxxx, created xxxxxxxx "other recipient "
gpg: decryption failed: secret key not available

I've set the debug-level of scdaemon and gpg-agent to guru to receive the following log:

volker at freedom:~$ watchgnupg --force .gnupg/log-socket >watchgnupg.log
[client at fd 6 connected]
[client at fd 7 connected]
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK Pleased to meet you
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION display=:0.0
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION ttyname=/dev/pts/1
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION ttytype=xterm
7 - 2007-11-01 07:39:32 scdaemon[4213]: listening on socket `/tmp/gpg-glRCWp/S.scdaemon'
7 - 2007-11-01 07:39:32 scdaemon[4213]: handler for fd -1 started
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION lc-ctype=en_US.UTF-8
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- OPTION lc-messages=en_US.UTF-8
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: -> OK
6 - 2007-11-01 07:39:32 gpg-agent[4052.6] DBG: <- SCD SERIALNO openpgp
6 - 2007-11-01 07:39:32 gpg-agent[4052]: no running SCdaemon - starting it
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: using CCID reader 0 (ID=04E6:5115:60500033:0)
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: idVendor: 04E6 idProduct: 5115 bcdDevice: 0514
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: ChipCard Interface Descriptor:
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bLength 54
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bDescriptorType 33
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bcdCCID 1.00
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: nMaxSlotIndex 0
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bVoltageSupport 1 5.0V
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwProtocols 3 T=0 T=1
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwDefaultClock 4000
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMaxiumumClock 12000
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bNumClockSupported 0
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwDataRate 9600 bps
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMaxDataRate 307200 bps
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bNumDataRatesSupp. 0
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMaxIFSD 252
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwSyncProtocols 00000000
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMechanical 00000000
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwFeatures 000100BA
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto configuration based on ATR
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto voltage selection
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto clock change
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto baud rate change
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: Auto PPS made by CCID
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: TPDU level exchange
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: dwMaxCCIDMsgLen 263
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bClassGetResponse echo
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bClassEnvelope echo
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: wlcdLayout none
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bPINSupport 0
7 - 2007-11-01 07:39:32 scdaemon[4213]: DBG: ccid-driver: bMaxCCIDBusySlots 1
7 - 2007-11-01 07:39:33 scdaemon[4213]: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
7 - 2007-11-01 07:39:33 scdaemon[4213]: DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT
7 - 2007-11-01 07:39:34 scdaemon[4213]: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
7 - 2007-11-01 07:39:34 scdaemon[4213]: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00
7 - 2007-11-01 07:39:35 data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 01
7 - 2007-11-01 07:39:35 data: 11 10 00 45 00 80 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: GetParametes returned 82 07 00 00 00 00 05 00 00 01 11 10 00 45 00 80 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: protocol ..........: T=1
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bmFindexDindex ....: 11
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bmTCCKST1 .........: 10
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bGuardTimeT1 ......: 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bmWaitingIntegersT1: 45
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bClockStop ........: 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bIFSC .............: 128
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: bNadValue .........: 0
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 61 07 00 00 00 00 06 01 00 00 11 10 00 45 00 80 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 01
7 - 2007-11-01 07:39:35 data: 11 10 00 45 00 80 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 05 00 00 00 00 07 00 00 00 00 C1 01 FC 3C
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 00
7 - 2007-11-01 07:39:35 data: 00 E1 01 FC 1C
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: IFSD has been set to 252
7 - 2007-11-01 07:39:35 scdaemon[4213]: reader slot 0: using ccid driver
7 - 2007-11-01 07:39:35 scdaemon[4213]: slot 0: ATR=3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: -> OK GNU Privacy Guard's Smartcard server ready
6 - 2007-11-01 07:39:35 gpg-agent[4052]: DBG: first connection to SCdaemon established
7 - 2007-11-01 07:39:35 scdaemon[4213]: updating status of slot 0 to 0x0007
7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: <- GETINFO socket_name
7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: -> D /tmp/gpg-glRCWp/S.scdaemon
7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: -> OK
7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: <- OPTION event-signal=12
7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: -> OK
7 - 2007-11-01 07:39:35 scdaemon[4213.0] DBG: <- SERIALNO openpgp
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=A4 p0=00 p1=0C lc=2 le=-1
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 A4 00 0C 02 3F 00
6 - 2007-11-01 07:39:35 gpg-agent[4052]: DBG: additional connections at `/tmp/gpg-glRCWp/S.scdaemon'
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 0B 00 00 00 00 09 04 00 00 00 00 07 00 A4 00 0C 02 3F 00 92
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:35 data: 00 00 02 6B 00 69
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: response: sw=6B00 datalen=0
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=A4 p0=04 p1=00 lc=6 le=-1
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 A4 04 00 06 D2 76 00 01 24 01
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 0F 00 00 00 00 0A 04 00 00 00 40 0B 00 A4 04 00 06 D2 76 00 01 24 01 6D
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:35 data: 00 40 16 6F 12 84 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 90 00 47
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: response: sw=9000 datalen=20
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: dump: 6F 12 84 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=4F lc=-1 le=256
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 CA 00 4F 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 0B 04 00 00 00 00 05 00 CA 00 4F 00 80
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:35 data: 00 00 12 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 90 00 EA
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: response: sw=9000 datalen=16
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: dump: D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: AID: D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=C4 lc=-1 le=256
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 CA 00 C4 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 0C 04 00 00 00 40 05 00 CA 00 C4 00 4B
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:35 data: 00 40 09 00 FE FE FE 03 03 03 90 00 24
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: response: sw=9000 datalen=7
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: dump: 00 FE FE FE 03 03 03
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=6E lc=-1 le=256
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: APDU_data: 00 CA 00 6E 00
7 - 2007-11-01 07:39:35 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 0D 04 00 00 00 00 05 00 CA 00 6E 00 A1
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:36 data [...] scdaemon[4213]: DBG: response: sw=9000 datalen=200
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: dump: 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 00 FE FE FE 03 03 03 C5 3C 14 B6 61 3A 82 AF 0D D7 11 7D 6A 10 10 96 7F 77 2E 30 51 1B 82 E8 9C C3 85 F6 92 F8 40 50 64 36 36 40 86 9B 91 07 C5 AC B9 94 D5 C4 0C 93 39 16 15 FC 39 D9 96 36 0E 36 24 38 0E 54 C6 3C C4 85 A6 CD 7E C6 6E 9E EC 33 65 F2 70 F2 75 E4 C3 2F 6C A5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 43 16 11 B6 43 16 13 0D 43 16 13 46 5E 06 76 6F 6C 6B 65 72
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=5E lc=-1 le=256
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: APDU_data: 00 CA 00 5E 00
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 0E 04 00 00 00 40 05 00 CA 00 5E 00 D1
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:36 data: 00 40 08 76 6F 6C 6B 65 72 90 00 D1
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: response: sw=9000 datalen=6
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: dump: 76 6F 6C 6B 65 72
7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: -> S SERIALNO D2760001240101010001000002EB0000 0
7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: -> OK
6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: -> S SERIALNO D2760001240101010001000002EB0000 0
6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: -> OK
6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: <- SCD SETDATA FEF51A7BB7DC6A19710A98D918C3DD54DA95C1E0F72264276C97534B1A11B9D043149BD3DF00254F2FAADC6D6F5DBB1FA14C6DFD53EE6C7553BD71FBFAC9C8F1FD01F6097321F021D3D67F1DC3C7A9F2E43274CB3B8BD39E1B684B21AE01AAB6D216A6B7A3056D677997D84A3C34AC8267EC4A49AF726A56D35645B66C070B
7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: <- SETDATA FEF51A7BB7DC6A19710A98D918C3DD54DA95C1E0F72264276C97534B1A11B9D043149BD3DF00254F2FAADC6D6F5DBB1FA14C6DFD53EE6C7553BD71FBFAC9C8F1FD01F6097321F021D3D67F1DC3C7A9F2E43274CB3B8BD39E1B684B21AE01AAB6D216A6B7A3056D677997D84A3C34AC8267EC4A49AF726A56D35645B66C070B
7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: -> OK
6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: -> OK
6 - 2007-11-01 07:39:36 gpg-agent[4052.6] DBG: <- SCD PKDECRYPT D2760001240101010001000002EB0000/82E89CC385F692F8405064363640869B9107C5AC
7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: <- PKDECRYPT D2760001240101010001000002EB0000/82E89CC385F692F8405064363640869B9107C5AC
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: send apdu: c=00 i=CA p0=00 p1=6E lc=-1 le=256
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: APDU_data: 00 CA 00 6E 00
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 0F 04 00 00 00 00 05 00 CA 00 6E 00 A1
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:36 data [...] scdaemon[4213]: DBG: response: sw=9000 datalen=200
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: dump: 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 02 EB 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 00 FE FE FE 03 03 03 C5 3C 14 B6 61 3A 82 AF 0D D7 11 7D 6A 10 10 96 7F 77 2E 30 51 1B 82 E8 9C C3 85 F6 92 F8 40 50 64 36 36 40 86 9B 91 07 C5 AC B9 94 D5 C4 0C 93 39 16 15 FC 39 D9 96 36 0E 36 24 38 0E 54 C6 3C C4 85 A6 CD 7E C6 6E 9E EC 33 65 F2 70 F2 75 E4 C3 2F 6C A5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 43 16 11 B6 43 16 13 0D 43 16 13 46 5E 06 76 6F 6C 6B 65 72
7 - 2007-11-01 07:39:36 scdaemon[4213]: DBG: asking for PIN 'PIN'
7 - 2007-11-01 07:39:36 scdaemon[4213.0] DBG: -> INQUIRE NEEDPIN PIN
6 - 2007-11-01 07:39:36 gpg-agent[4052]: starting a new PIN Entry
6 - 2007-11-01 07:39:36 gpg-agent[4052]: DBG: connection to PIN entry established
7 - 2007-11-01 07:39:48 scdaemon[4213.0] DBG: <- [ 44 20 33 31 31 32 38 32 00 00 00 00 ...(80 bytes skipped) ]
7 - 2007-11-01 07:39:48 scdaemon[4213.0] DBG: <- END
7 - 2007-11-01 07:39:48 scdaemon[4213]: DBG: send apdu: c=00 i=20 p0=00 p1=82 lc=6 le=-1
7 - 2007-11-01 07:39:48 scdaemon[4213]: DBG: APDU_data: 00 20 00 82 06 33 31 31 32 38 32
7 - 2007-11-01 07:39:48 scdaemon[4213]: DBG: ccid-driver: sending 6F 0F 00 00 00 00 16 04 00 00 00 40 0B 00 20 00 82 06 33 31 31 32 38 32 E4
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:49 data: 00 40 02 90 00 D2
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: response: sw=9000 datalen=0
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: dump:
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: send apdu: c=00 i=2A p0=80 p1=86 lc=128 le=256
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: APDU_data: 00 2A 80 86 80 00 FE F5 1A 7B B7 DC 6A 19 71 0A 98 D9 18 C3 DD 54 DA 95 C1 E0 F7 22 64 27 6C 97 53 4B 1A 11 B9 D0 43 14 9B D3 DF 00 25 4F 2F AA DC 6D 6F 5D BB 1F A1 4C 6D FD 53 EE 6C 75 53 BD 71 FB FA C9 C8 F1 FD 01 F6 09 73 21 F0 21 D3 D6 7F 1D C3 C7 A9 F2 E4 32 74 CB 3B 8B D3 9E 1B 68 4B 21 AE 01 AA B6 D2 16 A6 B7 A3 05 6D 67 79 97 D8 4A 3C 34 AC 82 67 EC 4A 49 AF 72 6A 56 D3 56 45 B6 6C 07 0B
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: sending 6F 84 00 00 00 00 17 04 00 00 00 20 80 00 2A 80 86 80 00 FE F5 1A 7B B7 DC 6A 19 71 0A 98 D9 18 C3 DD 54 DA 95 C1 E0 F7 22 64 27 6C 97 53 4B 1A 11 B9 D0 43 14 9B D3 DF 00 25 4F 2F AA DC 6D 6F 5D BB 1F A1 4C 6D FD 53 EE 6C 75 53 BD 71 FB FA C9 C8 F1 FD 01 F6 09 73 21 F0 21 D3 D6 7F 1D C3 C7 A9 F2 E4 32 74 CB 3B 8B D3 9E 1B 68 4B 21 AE 01 AA B6 D2 16 A6 B7 A3 05 6D 67 79 97 D8 4A 3C 34 AC 82 67 EC 4A 49 AF 72 6A 56 D3 56 99
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:49 data: 00 90 00 90
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: sending 6F 09 00 00 00 00 18 04 00 00 00 40 05 45 B6 6C 07 0B D6
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
7 - 2007-11-01 07:39:49 data: 00 00 02 69 85 EE
7 - 2007-11-01 07:39:49 scdaemon[4213]: DBG: response: sw=6985 datalen=0
7 - 2007-11-01 07:39:49 scdaemon[4213]: operation decipher result: Conditions of use not satisfied
6 - 2007-11-01 07:39:49 gpg-agent[4052.6] DBG: -> ERR 100663427 Conditions of use not satisfied
6 - 2007-11-01 07:39:49 gpg-agent[4052.6] DBG: <- BYE
6 - 2007-11-01 07:39:49 gpg-agent[4052.6] DBG: -> OK closing connection
6 - 2007-11-01 07:39:49 gpg-agent[4052]: handler 0x8092f90 for fd 6 terminated
7 - 2007-11-01 07:39:49 scdaemon[4213]: card_create_signature failed: Conditions of use not satisfied
7 - 2007-11-01 07:39:49 scdaemon[4213.0] DBG: -> ERR 100663427 Conditions of use not satisfied
7 - 2007-11-01 07:39:49 scdaemon[4213.0] DBG: <- RESTART
7 - 2007-11-01 07:39:49 scdaemon[4213.0] DBG: -> OK

Does anybody have an idea on this? The outcome is similar to when I use the pcscd driver.

Thanks,
Volker

From hs2412 at gmail.com Thu Nov 1 11:13:07 2007
From: hs2412 at gmail.com (Hardeep Singh)
Date: Thu, 1 Nov 2007 15:43:07 +0530
Subject: Fwd: ECC - how does it compare
In-Reply-To:
References:
Message-ID:

Hi All

Thanks for your thoughts. I was also looking forward to your comments on what NSA is saying. For one, they claim RSA is "old" even with longer keys. Why are they making a case for ECC? Is it easier to crack?

Another thing I could think of is that ECC key generation is like a one-way hash. If you input the same password, given the same curve, the key generated will always be the same. So, basically, there is no randomness involved in key generation. Doesn't that make ECC more prone to dictionary attacks?

Regards
Hardeep

---------- Forwarded message ----------
From: Hardeep Singh
Date: Oct 29, 2007 11:05 PM
Subject: ECC - how does it compare
To: gnupg-users at gnupg.org

Hi All

I recently looked at software called 'seccure' which is available for linux. It's a tool for public key encryption using ECC rather than prime number factoring.

http://www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm

Here NSA is making a case for ECC.
One advantage that does seem to exist is that there is no need to persistently store any part of the key - so the threat of someone meddling with your key on the pen drive seems to be removed.

What do you all think about this? Should we start building an ECC WOT? :-)

Regards
Hardeep Singh

--
Hardeep Singh

From roam at ringlet.net Thu Nov 1 09:54:31 2007
From: roam at ringlet.net (Peter Pentchev)
Date: Thu, 1 Nov 2007 10:54:31 +0200
Subject: GPG fails to encrypt
In-Reply-To: <990711.73653.qm@web54306.mail.re2.yahoo.com>
References: <990711.73653.qm@web54306.mail.re2.yahoo.com>
Message-ID: <20071101085431.GA1136@straylight.m.ringlet.net>

On Tue, Oct 30, 2007 at 04:04:58PM -0700, William Bradshaw wrote:
> When calling the GPG command from within a Vitria Businessware automator
> process, files larger than 20MB fail to encrypt. Files smaller than
> 20MB encrypt just fine. If I run the GPG command outside of the Vitria
> Businessware process the large (20MB plus) files encrypt just fine. The
> GPG command being called by Vitria is:
>
> /usr/local/bin/gpg --always-trust -e -r "FFFFF"
> /vitria/bw3dev1/encrypt/FSA/$FSA.560167.$FHP.cere07110938.txt.01102007_11-13-08

Try getting an actual error message - that should help point to an actual problem :)

There are several ways you could look for an error message, and most of them involve writing a simple shell script wrapper for gpg and having Vitria invoke the script instead of the gpg binary itself. Maybe something like the following could help (and yes, I'm aware of all the security problems within - predictable filenames, file/directory permissions and stuff):

#!/bin/sh
# Wrapper around gpg: record its stdout, stderr and exit status per run.
GNUPG='/usr/local/bin/gpg'
OUTDIR='/tmp/gpg'
STDOUT="$OUTDIR/out.$$"
STDERR="$OUTDIR/err.$$"
# Deliberately no 'set -e' here: with it, a failing gpg would abort the
# script before its exit code is written out, which is exactly the case
# this wrapper exists to capture.
"$GNUPG" "$@" >"$STDOUT" 2>"$STDERR"
errcode="$?"
echo "The GnuPG process's exit code is $errcode" >>"$STDERR"
exit "$errcode"

To use it, create a directory /tmp/gpg writeable by the user that Vitria should run as, then make Vitria execute it instead of the actual gpg binary. As a result, each time Vitria tries to run GnuPG, you'll get two files in the /tmp/gpg directory containing the data that gpg sent to its standard output and its standard error streams, and the exit code.

If this does not help a whole lot, you could put an strace or ltrace or something like that in the script for further information gathering.

Hope that helps!

G'luck,
Peter

--
Peter Pentchev	roam at ringlet.net    roam at cnsys.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
What would this sentence be like if pi were 3?

From email at sven-radde.de Thu Nov 1 12:45:49 2007
From: email at sven-radde.de (Sven Radde)
Date: Thu, 01 Nov 2007 12:45:49 +0100
Subject: GNuPG Newb
In-Reply-To: <13510878.post@talk.nabble.com>
References: <13510878.post@talk.nabble.com>
Message-ID: <4729BC6D.5000803@sven-radde.de>

Hi!

jramro schrieb:
> I'm trying to send a php mail form and not able to get it to encrypt or do
> much of anything.

First of all, make sure that you have access to the gpg executable from your php script and that safe mode and similar restrictions do not cause problems. Also make sure that the necessary keys are imported, set to trustworthy on the machine you are running GnuPG on, and the like.

> I was a bit confused because i heard that PGP can intercept a mail form
> through SMTP and encrypt it , but that GnuPG can not?

What is confusing about the fact that different software can have a different set of features?
It should however be reasonably easy to write a wrapper around GnuPG that works as an SMTP proxy if this is really necessary. Maybe someone can point you to an existing solution; I would be surprised if there wasn't one already. A quick look at turned up Anubis, but I have no idea about the quality of that project (last update 2004 - either it's very stable or very abandoned or both).

> Do i have to first output my mail form into a temp folder as a .txt file,
> and then encrypt the .txt file?

You could do that, but gpg can also be used to handle piped standard in-/output. I think this would be the preferred way. The command line would be roughly like:

gpg --armor --recipient KEYID --encrypt
--> write text to GnuPG stdin, terminate with EOF
<-- read "PGP MESSAGE" from GnuPG stdout

You can easily try this in the console.

> When reaching last page, the mail form is assembled and populated and sent.

So, at this point, before passing the assembled mail body string to the PHP mail()-function, you could just pipe it through a call to gpg.

HTH, Sven

From rjh at sixdemonbag.org Thu Nov 1 19:52:53 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 01 Nov 2007 13:52:53 -0500
Subject: GNuPG Newb
In-Reply-To: <13510878.post@talk.nabble.com>
References: <13510878.post@talk.nabble.com>
Message-ID: <472A2085.3040509@sixdemonbag.org>

jramro wrote:
> I was a bit confused because i heard that PGP can intercept a mail form
> through SMTP and encrypt it , but that GnuPG can not?

GnuPG and PGP both support the OpenPGP specification (RFC2440). They also each have some additional functionality. PGP has a mail proxy as part of its additional functionality. GnuPG does not provide this. I am not fond of the mail proxy idea, myself.

> Do i have to first output my mail form into a temp folder as a .txt file,
> and then encrypt the .txt file?

Probably not. I/O redirection will probably do the job for you.
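The stdin/stdout approach Sven and Robert describe above, written out as an added example that is not code from this thread or from GnuPG. It is in Python so the plumbing and the two failure modes a web process runs into (gpg blocking on a prompt, and gpg exiting non-zero because the recipient key is missing) are explicit; the PHP equivalent is proc_open() with pipes on descriptors 0, 1 and 2. Assumed and not in the thread: a gpg binary on PATH, the recipient's public key already imported for the user the web server runs as, the placeholder key ID KEYID from Sven's command line, and the hypothetical `gpg` parameter used to substitute the binary.

```python
"""Feed a mail body to gpg over stdin and read the armored ciphertext from
stdout, with no temp file.  Added example; assumes gpg on PATH and the
recipient key already imported and meant to be trusted."""
import subprocess

ARMOR_BEGIN = b"-----BEGIN PGP MESSAGE-----"
ARMOR_END = b"-----END PGP MESSAGE-----"


class GpgError(RuntimeError):
    """gpg failed, or exited 0 without producing an OpenPGP message."""


def encrypt_body(body: bytes, recipient: str, gpg=("gpg",)) -> bytes:
    """Return the ASCII-armored OpenPGP message for `body`, or raise GpgError.

    `gpg` is the argv prefix of the binary (hypothetical hook: a full path,
    or a stand-in executable in tests).
    --batch/--no-tty: never prompt; a prompt under a web server blocks forever.
    --trust-model always: skip the web-of-trust check for this recipient,
      which is only sensible because the operator imported exactly the key
      they mean to use (the Vitria thread above spells it --always-trust).
    --quiet: keep gpg's progress chatter off stderr so real errors stand out.
    """
    argv = [*gpg, "--batch", "--no-tty", "--quiet",
            "--trust-model", "always",
            "--armor", "--recipient", recipient, "--encrypt"]
    proc = subprocess.run(argv, input=body,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    stderr = proc.stderr.decode("utf-8", errors="replace").strip()
    if proc.returncode != 0:
        # e.g. "gpg: KEYID: skipped: No public key" when the key is not imported
        raise GpgError(f"gpg exited {proc.returncode}: {stderr}")
    out = proc.stdout
    if not (out.startswith(ARMOR_BEGIN) and ARMOR_END in out):
        raise GpgError(f"gpg exited 0 but wrote no PGP MESSAGE block: {stderr}")
    return out


if __name__ == "__main__":
    # Constructed sample form submission; running this needs a real gpg
    # and an imported key for KEYID.
    form = {"name": "Jane Doe", "email": "jane@example.com", "msg": "hello"}
    body = "".join(f"{k}: {v}\n" for k, v in form.items()).encode()
    print(encrypt_body(body, "KEYID").decode())
```

The returned bytes are what goes into the mail body handed to mail(); the two checks after subprocess.run() are the part a "nothing happens" report like jramro's usually lacks, since a silent hang is a prompt and an empty result is a non-zero exit that nobody read.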
From wk at gnupg.org Thu Nov 1 20:34:34 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 01 Nov 2007 20:34:34 +0100
Subject: AS400 PGP
In-Reply-To: <4728F816.6050704@sixdemonbag.org> (Robert J. Hansen's message of "Wed, 31 Oct 2007 16:48:06 -0500")
References: <4728F816.6050704@sixdemonbag.org>
Message-ID: <87k5p1220l.fsf@wheatstone.g10code.de>

On Wed, 31 Oct 2007 22:48, rjh at sixdemonbag.org said:

> product of g10 Code GmbH and the GnuPG community; PGP is a product of
             ^^^^^^^^

FWIW: Although we do quite some work on GnuPG there are other authors and contributors as well. GnuPG is part of the GNU project and legally "belongs" to the FSF.

Shalom-Salam,

   Werner

--
Werner Koch                         The GnuPG Experts        http://g10code.com

From dshaw at jabberwocky.com Fri Nov 2 03:11:18 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 1 Nov 2007 22:11:18 -0400
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To:
References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com>
Message-ID: <20071102021118.GC27408@jabberwocky.com>

On Wed, Oct 31, 2007 at 04:59:29PM +0930, Roscoe wrote:
> Not answering your questions but two handy tools I like :)
>
>
> A while ago we had a big discussion regarding printing out keys for backup,
> which (I think) prompted David Shaw to write a following small program to
> assist those wanting to do so, here's part of the description of that program:
>
> "Due to metadata and redundancy, OpenPGP secret keys are significantly
> larger than just the "secret bits". In fact, the secret key contains
> a complete copy of the public key. Since the public key generally
> doesn't need to be escrowed (most people have many copies of it on
> various keyservers, web pages, etc), only extracting the secret parts
> can be a real advantage.
>
> Paperkey extracts just those secret bytes and prints them.
> To reconstruct, you re-enter those bytes (whether by hand or via OCR) and
> paperkey can use them to transform your existing public key into a
> secret key."
>
> -- http://www.jabberwocky.com/software/paperkey/

I've actually been rather surprised with the number of downloads of paperkey. I expected it to be in the tens, but there have been several hundred downloads.

> (I think splitting a password into a few shares and distributing them
> in suitable places is a sane way of writing down passwords. Other
> people may disagree.)

Is secret sharing a feature that people would want in paperkey? You'd be able to print out a number of pages, and pick some threshold number of pages that would be needed to reconstruct the key. I consider paperkey as the "backup of last resort", and it occurs to me that the ability to stash different printed backups in multiple places is useful, in case there is fading/damage to a printout as happened to the poor fellow who started this thread.

That said, I am not completely convinced that it is better to use multiple secret-shared printouts rather than just multiple copies of the same printout. Does anyone see a good use case (aside from the cool-trick factor) to using secret sharing in paperkey?

David

From atom at smasher.org Fri Nov 2 03:27:59 2007
From: atom at smasher.org (Atom Smasher)
Date: Fri, 2 Nov 2007 15:27:59 +1300 (NZDT)
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To: <20071102021118.GC27408@jabberwocky.com>
References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com>
Message-ID: <20071102022800.33011.qmail@smasher.org>

On Thu, 1 Nov 2007, David Shaw wrote:
> Does anyone see a good use case (aside from the cool-trick factor) to
> using secret sharing in paperkey?
================

1) weak passphrase on the key
2) no passphrase on the key

#2 may be more useful than it seems, if a key is very rarely used and there's a risk that the passphrase will be lost/forgotten. this would allow a way to distribute the secret to trusted parties and/or hidden places without a passphrase on the key.

of course the real questions: is there a need for that? would anyone use it?

--
 ...atom

 ________________________
 http://atom.smasher.org/
 762A 3B98 A3C3 96C9 C6B7  582A B88D 52E4 D9F5 7808
 -------------------------------------------------

	"Sometimes I think we're alone in the universe, and sometimes I think we're not. In either case the idea is quite staggering."
		-- Arthur C. Clarke

From yyz01 at yahoo.com Fri Nov 2 03:37:26 2007
From: yyz01 at yahoo.com (YYZ)
Date: Thu, 1 Nov 2007 19:37:26 -0700 (PDT)
Subject: A note to Atom Smasher [WAS: Subkey DSA signature changes...]
In-Reply-To: <20071031110916.20027.qmail@smasher.org>
Message-ID: <64011.95624.qm@web45516.mail.sp1.yahoo.com>

--- Atom Smasher wrote:
> On Tue, 30 Oct 2007, YYZ wrote:
>
> > Going through the list archives, I came across a few of your postings
> > that seem to indicate that you have more insight into the way subkey
> > self-signatures are generated than what I can gather from the RFC.
> > Arguably, it's one of the most confusing sections...
> >
> > http://lists.gnupg.org/pipermail/gnupg-users/2004-May/022511.html
> >
> > However, I didn't find any more posts from you explaining how you
> > managed to generate the missing self-signatures on your subkeys. I'd
> > appreciate if you could share that knowledge with us...
> ===================
>
> don't try this at home - http://atom.smasher.org/gpg/gpg-migrate.txt
>
> it's an ugly hack, there's really no reason you should ever have to do it,
> and last i checked it didn't even work with gpg since 1.2.4.

Thanks! I can confirm that it doesn't work anymore.
However, I have been able to hack the gpg code to do this, should I ever need to...

> > Since the signatures are computed from the hash of the key material
> > (which differs in the secret and the public key packets), I'd suppose
> > the secret subkey signature to be different from the public subkey
> > signature.
> =================
>
> it's been a while since i've dug through the RFC...
>
> RFC2440:11.2. Key IDs and Fingerprints; A V4 fingerprint is the 160-bit
> SHA-1 hash of the one-octet Packet Tag, followed by the two-octet packet
> length, followed by the entire _Public_ Key packet starting with the
> version field.
>
> fingerprints are calculated using just the public parts of the [sub]key.

The hash used for computing signatures is different from the fingerprint. It changes every time a new signature is generated. However, what you stated is true for signature hashes too - they are computed just using the public parts of the key.

Anyway, I got my answers from the gpg source code. When generating a new subkey pair, for some reason, it generates the signature twice, one for the public keyring and one for the private keyring. Can't see the rationale behind it, since it's computed over the same data...

yyz

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

From rjh at sixdemonbag.org Thu Nov 1 01:26:15 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 31 Oct 2007 19:26:15 -0500
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To: <20071102021118.GC27408@jabberwocky.com>
References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com>
Message-ID: <1193876775.7681.13.camel@vmsamuel>

> Does anyone see a good use case (aside from the cool-trick
> factor) to using secret sharing in paperkey?

Yes.
E.g., I may wish to give shares to my best friend and my cousin. This way, even if their homes and/or offices are broken into, or one of them misplaces/loses their share, I don't need to worry about where that copy is: I just have the other person burn their share and issue two more.

From dshaw at jabberwocky.com Fri Nov 2 04:14:09 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 1 Nov 2007 23:14:09 -0400
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To: <1193876775.7681.13.camel@vmsamuel>
References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com> <1193876775.7681.13.camel@vmsamuel>
Message-ID: <20071102031409.GD27408@jabberwocky.com>

On Wed, Oct 31, 2007 at 07:26:15PM -0500, Robert J. Hansen wrote:
> > Does anyone see a good use case (aside from the cool-trick
> > factor) to using secret sharing in paperkey?
>
> Yes. E.g., I may wish to give shares to my best friend and my cousin.
> This way, even if their homes and/or offices are broken into, or one of
> them misplaces/loses their share, I don't need to worry about where that
> copy is: I just have the other person burn their share and issue two
> more.

Makes sense, especially if you are printing out the secret key with no passphrase (as if there was a passphrase, then even multiple lost copies shouldn't matter). Given the "backup of last resort" mentality, I think that printing the secret key without a passphrase can be a real benefit, and secret sharing can make that a bit more safe.

David

From rjh at sixdemonbag.org Thu Nov 1 01:59:31 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 31 Oct 2007 19:59:31 -0500
Subject: AS400 PGP
In-Reply-To: <87k5p1220l.fsf@wheatstone.g10code.de>
References: <4728F816.6050704@sixdemonbag.org> <87k5p1220l.fsf@wheatstone.g10code.de>
Message-ID: <1193878771.7681.17.camel@vmsamuel>

On Thu, 2007-11-01 at 20:34 +0100, Werner Koch wrote:
> On Wed, 31 Oct 2007 22:48, rjh at sixdemonbag.org said:
>
> > product of g10 Code GmbH and the GnuPG community; PGP is a product of
>   ^^^^^^^^
>
> FWIW: Although we do quite some work on GnuPG there are other authors
> and contributors as well. GnuPG is part of the GNU project and legally
> "belongs" to the FSF.

Right. This may be an ambiguity in English: 'product' can mean either 'owned by' or 'created by'. I should have specified "created by g10 Code and the GnuPG community." It wasn't my intent to mislead anyone with respect to the copyright holder. Thank you for clearing up my clumsy words. :)

From yyz01 at yahoo.com Fri Nov 2 03:58:41 2007
From: yyz01 at yahoo.com (YYZ)
Date: Thu, 1 Nov 2007 19:58:41 -0700 (PDT)
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To: <20071102022800.33011.qmail@smasher.org>
Message-ID: <719762.95243.qm@web45503.mail.sp1.yahoo.com>

Why not just pick a strong passphrase and mail a copy to all your email accounts? You would only need to worry about remembering the passphrase.

One solution is to pick a bunch of friends who regularly use pgp (maybe even the active members from this list), encrypt the text of your passphrase to these recipients and keep several copies of it at different places (and obviously not mail it to any of the recipients). If ever you forget your passphrase, just ask anyone from the recipient list to decrypt it for you. You can then change the passphrase - no damage done!

To be on the safe side, add a symmetric enc key too, with a simple password that you would always remember...

yyz

From rjh at sixdemonbag.org Thu Nov 1 02:50:55 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 31 Oct 2007 20:50:55 -0500
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To: <719762.95243.qm@web45503.mail.sp1.yahoo.com>
References: <719762.95243.qm@web45503.mail.sp1.yahoo.com>
Message-ID: <1193881855.7681.23.camel@vmsamuel>

> Why not just pick a strong passphrase and mail a copy to all
> your email accounts? You would only need to worry about remembering
> the passphrase.

Doesn't help if I'm dead.

I have some encrypted traffic which my estate will need to read in the event of my death. So I can give my key and passphrase to my lawyer, I can store a copy in a safe deposit box, I can... etc. But all options involve leaving my key and passphrase under the control of a single person. A single person can make mistakes. They can be corrupted. They can lose it. They can... etc., etc.

Secret shares make it possible for me to give shares to people I trust not to conspire against me, as opposed to people I trust to never make typical human errors. I am fortunate enough to have a fair number of the former, but like most people, none of the latter.

From eocsor at gmail.com Fri Nov 2 05:50:43 2007
From: eocsor at gmail.com (Roscoe)
Date: Fri, 2 Nov 2007 14:20:43 +0930
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To: <1193876775.7681.13.camel@vmsamuel>
References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com> <1193876775.7681.13.camel@vmsamuel>
Message-ID:

I don't see any worthwhile gain over setting a strong passphrase, and then secret sharing that passphrase with ssss.

In Robert's example if you were to use ssss+paperkey you'd merely export an encrypted secret key, and then print in the line above it an ssss share.
As far as I can see this would produce an equivalent state of affairs.

The biggest practical difference is that since you're secret sharing just a passphrase and not a secret key it's going to be less typing to reconstruct your key.

It does add an extra step to the situation, but I do like the one tool one job philosophy.

[BTW: Adding paperkey to the tools section of gnupg.org would be good. I only found it because I read the mailing list :].

On 11/1/07, Robert J. Hansen wrote:
> > Does anyone see a good use case (aside from the cool-trick
> > factor) to using secret sharing in paperkey?
>
> Yes. E.g., I may wish to give shares to my best friend and my cousin.
> This way, even if their homes and/or offices are broken into, or one of
> them misplaces/loses their share, I don't need to worry about where that
> copy is: I just have the other person burn their share and issue two
> more.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From rjh at sixdemonbag.org Thu Nov 1 03:42:06 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 31 Oct 2007 21:42:06 -0500
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To:
References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com> <1193876775.7681.13.camel@vmsamuel>
Message-ID: <1193884926.7681.31.camel@vmsamuel>

On Fri, 2007-11-02 at 14:20 +0930, Roscoe wrote:
> I don't see any worthwhile gain over setting a strong passphrase, and
> then secret sharing that passphrase with ssss.

Fewer things can go wrong.

Secret shared passphrase + private key: what happens if the private key is unavailable? E.g., I die when my house burns down and my computer cooks and even my back-ups are toast. With a SS passphrase, I have to make off-site backups of my private key...
and then I have to make sure that those off-site backups are still readable, since CD-Rs tend to go bad... and if I replace one, I have to make sure the passphrase is the same as the secret-shared passphrase...

Secret shared paperkey: the private key is available as long as the secret shares are available. OCR the SS paperkey, recover the private key, boom, you're off to the races.

Fewer components, fewer steps, fewer dependencies, longer-term storage: it's an all-around win.

> The biggest practical difference is that since you're secret sharing
> just a passphrase and not a secret key it's going to be less typing to
> reconstruct your key.

147 bytes is not an onerous reconstruction job, even if you have to do it by hand. Base64 it and it's about 200 characters, or two and a half lines of text.

From eocsor at gmail.com Fri Nov 2 11:37:20 2007
From: eocsor at gmail.com (Roscoe)
Date: Fri, 2 Nov 2007 20:07:20 +0930
Subject: Key safety vs Backup : History of a bad day (key-restoration problem)
In-Reply-To: <1193884926.7681.31.camel@vmsamuel>
References: <9f76a5860710271634i2e516e6djb2600650c7a90b9c@mail.gmail.com> <20071102021118.GC27408@jabberwocky.com> <1193876775.7681.13.camel@vmsamuel> <1193884926.7681.31.camel@vmsamuel>
Message-ID:

Hmm, maybe I lost my meaning in trying to avoid verbosity.

If I decided my mum, dad and brother could be trusted, I'd encrypt my private key with a strong password. Then I'd use ssss to generate 3 shares, which when combined would reveal the password to the private key. Now I'd distribute to my mum, dad and brother a copy of my private key and a password share each.

Now let's say my private key ended up being 200 characters and my password 20 characters.
To reconstruct it I would have to type in 200 characters once, and around 60 characters to recover the password (from the three shares).

Contrast that to if I applied secret sharing to the unencrypted private key: I would, in order to recover my private key, have to type in around 600 characters (from the three shares).

ssss is open source and written in C, I don't see how there is any case for longer-term storage by avoiding ssss and using just paperkey. (If C compilers disappear paperkey and gpg aren't going to be very usable either)

To include secret sharing in paperkey would indeed result in fewer components and fewer steps because you're inserting the functionality like that of ssss into paperkey and thus making paperkey more complex. I suppose that's a preference thing, as I mentioned I like the one tool one job philosophy.

Now in light of having to type in more data (and thus one must store more data reliably) and replicating functionality already provided by ssss/paperkey I'm not seeing any advantage.

But! It is clear, there is a demand for secret sharing in paperkey :)

[I've made the assumption that the shares are the same size as the secret, this makes sense to me as you're encoding things as points in N space but I don

On 11/1/07, Robert J. Hansen wrote:
> On Fri, 2007-11-02 at 14:20 +0930, Roscoe wrote:
> > I don't see any worthwhile gain over setting a strong passphrase, and
> > then secret sharing that passphrase with ssss.
>
> Fewer things can go wrong.
>
> Secret shared passphrase + private key: what happens if the private key
> is unavailable? E.g., I die when my house burns down and my computer
> cooks and even my back-ups are toast. With a SS passphrase, I have to
> make off-site backups of my private key... and then I have to make sure
> that those off-site backups are still readable, since CD-Rs tend to go
> bad... and if I replace one, I have to make sure the passphrase is the
> same as the secret-shared passphrase...
>
> Secret shared paperkey: the private key is available as long as the
> secret shares are available. OCR the SS paperkey, recover the private
> key, boom, you're off to the races.
>
> Fewer components, fewer steps, fewer dependencies, longer-term storage:
> it's an all-around win.
>
> > The biggest practical difference is that since you're secret sharing
> > just a passphrase and not a secret key it's going to be less typing to
> > reconstruct your key.
>
> 147 bytes is not an onerous reconstruction job, even if you have to do
> it by hand. Base64 it and it's about 200 characters, or two and a half
> lines of text.
>

From vedaal at hush.com Fri Nov 2 14:40:47 2007
From: vedaal at hush.com (vedaal at hush.com)
Date: Fri, 02 Nov 2007 08:40:47 -0500
Subject: key-restoration problem // secret sharing
Message-ID: <20071102134048.06B6ADA824@mailserver7.hushmail.com>

>Message: 6
>Date: Thu, 1 Nov 2007 22:11:18 -0400
>From: David Shaw
>Subject: Re: Key safety vs Backup : History of a bad day
> (key-restoration problem)

>> Paperkey extracts just those secret bytes and prints them. To
>> reconstruct, you re-enter those bytes (whether by hand or via OCR) and
>> paperkey can use them to transform your existing public key into a
>> secret key."
>>
>> -- http://www.jabberwocky.com/software/paperkey/

>> (I think splitting a password into a few shares and distributing them
>> in suitable places is a sane way of writing down passwords. Other
>> people may disagree.)

>Is secret sharing a feature that people would want in paperkey? You'd
>be able to print out a number of pages, and pick some threshold number
>of pages that would be needed to reconstruct the key.
>
>I consider paperkey as the "backup of last resort", and it occurs to
>me that the ability to stash different printed backups in multiple
>places is useful, in case there is fading/damage to a printout as
>happened to the poor fellow who started this thread.
>That said, I am
>not completely convinced that it is better to use multiple
>secret-shared printouts rather than just multiple copies of the same
>printout. Does anyone see a good use case (aside from the cool-trick
>factor) to using secret sharing in paperkey?

there may be an effective compromise workaround:

[1] remove the passphrase from the secret key

[2] (if not already in armored form, armor the secret key)

[3] split the armored ascii text, and distribute it (carefully including the position lines, i.e., this 'share' of the secret key block contains lines 9 through 16)

CAVEAT: (am out of my depth here, and welcome any technical input)

is there a section of the ascii-armored secret key block, that by itself, is enough to reconstruct the secret key, and if so, how can it be determined which part of the keyblock it is, in order to make sure that that section is 'split' for sharing ?

tia,

vedaal

From dshaw at jabberwocky.com Fri Nov 2 16:52:22 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 2 Nov 2007 11:52:22 -0400
Subject: New OpenPGP standard published
Message-ID: <20071102155222.GA5428@jabberwocky.com>

The new OpenPGP standard has been published. It was assigned RFC number 4880 (someone at the IETF has a sense of humor):

http://www.ietf.org/rfc/rfc4880.txt

In terms of GnuPG, we're almost completely compliant to it already as GnuPG was updated as the various drafts of the standard were discussed. Upcoming versions of GPG will change the "--openpgp" flag to mean the new RFC-4880. The old behavior will be available as "--rfc2440" (which already exists).

David

From 210525p42015 at denstarfarm.us Fri Nov 2 17:04:12 2007
From: 210525p42015 at denstarfarm.us (Robert D.)
Date: Fri, 02 Nov 2007 12:04:12 -0400
Subject: RSA Weak?
Message-ID: <472B4A7C.3040209@denstarfarm.us>

Did someone write that there is some school of thought that RSA is no longer very strong? Or, is the meaning that it's likely to take 900 years instead of 100 years to crack?

Just curious. I have RSA 4096's ... could change them easily enough if someone convinced me to do it.

From wk at gnupg.org Fri Nov 2 18:18:03 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 02 Nov 2007 18:18:03 +0100
Subject: New OpenPGP standard published
In-Reply-To: <20071102155222.GA5428@jabberwocky.com> (David Shaw's message of "Fri, 2 Nov 2007 11:52:22 -0400")
References: <20071102155222.GA5428@jabberwocky.com>
Message-ID: <87abpwva5w.fsf@wheatstone.g10code.de>

On Fri, 2 Nov 2007 16:52, dshaw at jabberwocky.com said:

> The new OpenPGP standard has been published. It was assigned RFC
> number 4880 (someone at the IETF has a sense of humor):

That's good news. The first version of OpenPGP took a bit more than a year to develop. At that time we had 3 implementations with only one not really up to the standard - although OpenPGP was based on the data formats of that implementation ;-)

Now, exactly 9 years after rfc2440, there are numerous implementations of OpenPGP and it has proved itself to be a solid and well backward compatible standard. The WG did a really good job to add the new features and to clarify a lot of things which used to be hard to understand for someone who did his first implementation.

I am going to celebrate that now with some pints of Füchschen at the Cafe Modigliani[1]. Feel free to join.

Salam-Shalom,

Werner

[1] http://www.bilkinfo.de/firmen/gastronomie.html

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org Fri Nov 2 19:59:05 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 02 Nov 2007 13:59:05 -0500
Subject: RSA Weak?
In-Reply-To: <472B4A7C.3040209@denstarfarm.us>
References: <472B4A7C.3040209@denstarfarm.us>
Message-ID: <472B7379.7060604@sixdemonbag.org>

Robert D. wrote:
> Did someone write that there is some school of thought that RSA is no
> longer very strong? Or, is the meaning that it's likely to take 900
> years instead of 100 years to crack?

RSA has never lived up to people's grand expectations. Advances in computers and algorithms cause the sorts of RSA keys we can attack to creep ever so gradually upwards. It's reasonable to think that within a decade an attacker with a ridiculous amount of resources will be able to break RSA-1024. Our current crop of conventional techniques will likely stall out there.

> Just curious. I have RSA 4096's ... could change them easily enough if
> someone convinced me to do it.

Not even people with RSA-1024 keys should be doing this. RSA-1024 is only insufficient if you have things you need to keep secret from phenomenally well-equipped people who are willing to spend millions of dollars to recover your data. Even if you have adversaries like this, it is still very unlikely they would ever actually do it. There are much more cost-effective ways to get your confidential information than spend millions of dollars breaking your RSA-1024 key.

This is not something to be concerned about.

From yalla at fsfe.org Fri Nov 2 20:42:09 2007
From: yalla at fsfe.org (Alexander W. Janssen)
Date: Fri, 2 Nov 2007 20:42:09 +0100
Subject: RSA Weak?
In-Reply-To: <472B7379.7060604@sixdemonbag.org>
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org>
Message-ID:

On 11/2/07, Robert J. Hansen wrote:
> RSA has never lived up to people's grand expectations. Advances in
> computers and algorithms cause the sorts of RSA keys we can attack to
> creep ever so gradually upwards. It's reasonable to think that within a
> decade an attacker with a ridiculous amount of resources will be able to
> break RSA-1024.

How do you come to that figure? A keyspace of 1024 is the double amount of 1023 bit, so I'm curious how you come to those figures.
It's one thing to brute-force 256-bit RSA in, let's say, a couple of months, but a totally different thing to break 1024 bits. As long as there ain't no really better algorithm to factor primes. Who knows what clever Russian kid comes along with new, unique innovative ideas.

Any pointers to confirm your claim "within a decade"?

Alex.

-- 
"I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901.

From email at sven-radde.de Fri Nov 2 21:06:46 2007
From: email at sven-radde.de (Sven Radde)
Date: Fri, 02 Nov 2007 21:06:46 +0100
Subject: RSA Weak?
In-Reply-To:
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org>
Message-ID: <472B8356.9030101@sven-radde.de>

Hi!

Alexander W. Janssen wrote:
> How do you come to that figure? A keyspace of 1024 is the double
> amount of 1023 bit, so I'm curious how you come to those figures.

While this is true for symmetric ciphers, there are far more efficient attack methods on asymmetric ciphers (factoring - instead of brute-forcing).

> It's one thing to brute-force 256-bit RSA in, let's say, a couple of
> months, but a totally different thing to break 1024 bits.

The current public record is a 663-bit RSA-key ("RSA-200" as it has 200 digits) AFAIK:
http://www.rsa.com/rsalabs/node.asp?id=2879

More recent is the factorization of a 640-bit RSA-key:
http://www.rsa.com/rsalabs/node.asp?id=2964

As mentioned above, the difficulty does not scale exponentially: The 663-bit number took 55 CPU-years on a 2.2 GHz Opteron, the 640-bit number 30 CPU-years. The actual computations were apparently carried out by a cluster with 80 machines.

In fact, some mathematician has proven that factoring is a polynomial problem, IIRC.

cu, Sven

From yalla at fsfe.org Fri Nov 2 21:29:13 2007
From: yalla at fsfe.org (Alexander W. Janssen)
Date: Fri, 2 Nov 2007 21:29:13 +0100
Subject: RSA Weak?
In-Reply-To: <472B81ED.2000901@sixdemonbag.org>
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B81ED.2000901@sixdemonbag.org>
Message-ID:

On 11/2/07, Robert J. Hansen wrote:
> Alexander W. Janssen wrote:
> > How do you come to that figure? A keyspace of 1024 is the double
> > amount of 1023 bit, so I'm curious how you come to those figures.
>
> A keyspace of 1024 bits is double that of 1023 bits. Prime numbers
> become more scarce as they go on. For instance, there are two primes in
> a keyspace of two bits. In a seven-bit keyspace--which, by your logic,
> there should be thirty-two times as many primes--there are only twelve
> and a half times as many.

I'm not too familiar with prime- or number-theory. Does that scale in the same factor in all keyspaces?

> Read this:
>
> http://www.theregister.com/2007/05/22/unreadable_writing_is_on_the_wall/

Thanks for sharing that. Not sure if I'll understand it, but I'll definitely have a look at it.

However, the fact that primes get more rare when the keyspace is expanded isn't necessarily connected to that point that you still need to check the whole keyspace - which still grows linearly?

In cleartext: Even if primes get more rare, you still need to find your whole way through *all* numbers as long as you don't find a better algorithm. Putting probabilistic prime-tests aside.

Alex.

-- 
"I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901.

From rjh at sixdemonbag.org Fri Nov 2 21:00:45 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 02 Nov 2007 15:00:45 -0500
Subject: RSA Weak?
In-Reply-To:
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org>
Message-ID: <472B81ED.2000901@sixdemonbag.org>

Alexander W. Janssen wrote:
> How do you come to that figure? A keyspace of 1024 is the double
> amount of 1023 bit, so I'm curious how you come to those figures.

A keyspace of 1024 bits is double that of 1023 bits. Prime numbers become more scarce as they go on. For instance, there are two primes in a keyspace of two bits. In a seven-bit keyspace--which, by your logic, there should be thirty-two times as many primes--there are only twelve and a half times as many. Primes are spaced out further and further as numbers grow larger and larger.

In this case, Arjen Lenstra is closing in on RSA-1024 with great alacrity. Lenstra is a reputable cryptographer, and his results are quite interesting. Read this:

http://www.theregister.com/2007/05/22/unreadable_writing_is_on_the_wall/

From yalla at fsfe.org Fri Nov 2 21:35:36 2007
From: yalla at fsfe.org (Alexander W. Janssen)
Date: Fri, 2 Nov 2007 21:35:36 +0100
Subject: RSA Weak?
In-Reply-To: <472B8356.9030101@sven-radde.de>
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de>
Message-ID:

On 11/2/07, Sven Radde wrote:
[...]
> As mentioned above, the difficulty does not scale exponentially: The
> 663-bit number took 55 CPU-years on a 2.2 GHz Opteron, the 640-bit number
> 30 CPU-years. The actual computations were apparently carried out by a
> cluster with 80 machines.
>
> In fact, some mathematician has proven that factoring is a polynomial
> problem, IIRC.

A P-problem? Really?! Factoring primes is a polynomial problem nowadays? Are you SURE about that?

Or do you just mean that the current development in CPU-power compensates the exponential nature to a linear one (in history) because CPU-power became cheap and parallelization became more common, reducing the complexity a bit? (although you can't reduce exponential complexity to linear or even polynomial just *as is*)

That'd put RSA into deep trouble. And not only RSA.

*sigh* I'm just realizing that I missed a lot in the last years.
Must watch the development more closely...

> cu, Sven

Alex.

-- 
"I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901.

From rjh at sixdemonbag.org Fri Nov 2 21:49:07 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 02 Nov 2007 15:49:07 -0500
Subject: RSA Weak?
In-Reply-To:
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B81ED.2000901@sixdemonbag.org>
Message-ID: <472B8D43.5010200@sixdemonbag.org>

Alexander W. Janssen wrote:
> I'm not too familiar with prime- or number-theory. Does that scale in
> the same factor in all keyspaces?

A good first-order approximation for the number of primes with a certain number of bits is given by the formula:

X = 2**number of bits
Y = 2**(number of bits - 1)

(X ln Y - Y ln X) / ((X ln Y) * (Y ln X))

I don't know what you mean by 'scale by the same factor'. But hey, if you want approximations, there you go. For small numbers this will be off by a significant amount, but it asymptotically grows better.

> However, the fact that primes get more rare when the keyspace is
> expanded isn't necessarily connected to that point that you still need
> to check the whole keyspace - which still grows linearly?

If the keyspace grew linearly, it would be a trivial problem to factor. Just throw more cycles at it. The entire point is that the keyspace grows exponentially. You were arguing the exponential factor is two, which it's definitely not.

In reality the exponential factor of difficulty added per bit changes depending on how large your key already is. If your key is small, adding one bit can substantially increase your security. If your key is large, adding one bit is a who-cares? proposition.
If it helps, the National Institutes of Science and Technology (NIST) has estimated a 1024-bit key is roughly equivalent in computational complexity to an 80-bit symmetric key.

> In cleartext: Even if primes get more rare, you still need to find
> your whole way through *all* numbers as long as you don't find a
> better algorithm.

Such as, say, the generalized number field sieve?

> Putting probabilistic prime-tests aside.

This has no connection whatsoever with factoring. Miller-Rabin is used to test primality; it does not give you any useful information about the factors of a number.

From email at sven-radde.de Fri Nov 2 22:00:25 2007
From: email at sven-radde.de (Sven Radde)
Date: Fri, 02 Nov 2007 22:00:25 +0100
Subject: RSA Weak?
In-Reply-To:
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de>
Message-ID: <472B8FE9.4050608@sven-radde.de>

Alexander W. Janssen wrote:
>> In fact, some mathematician has proven that factoring is a polynomial
>> problem, IIRC.
>
> A P-problem? Really?! Factoring primes is a polynomial problem nowadays?
> Are you SURE about that?

Umm, no, not sure (hence the IIRC). Apparently, I am nearing an age where this disclaimer is actually necessary...

In it is stated that the problem is known to be sub-exponential but that no polynomial algorithm is known.

I think, I was referring to the primality test, which is known to be in P since sometime in 2002.

> That'd put RSA into deep trouble. And not only RSA.

Sorry, sorry, don't panic ;-)

cu, Sven

From rjh at sixdemonbag.org Fri Nov 2 22:01:31 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 02 Nov 2007 16:01:31 -0500
Subject: RSA Weak?
In-Reply-To:
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de>
Message-ID: <472B902B.5080406@sixdemonbag.org>

Alexander W. Janssen wrote:
> A P-problem? Really?! Factoring primes is a polynomial problem nowadays?
> Are you SURE about that?

People who do not know what P stands for should not attempt to whap other people around with it.

P is shorthand for deterministic polynomial time. NP is nondeterministic polynomial time. Factoring is known to be in NP. Therefore, it is perfectly fair to say that it's a polynomial problem, as long as Sven is not claiming that it's deterministic polynomial, which he isn't.

Nondeterministic polynomial time means it can be solved in polynomial time by a nondeterministic Turing Machine--a machine that is capable of making phenomenally lucky guesses. Deterministic polynomial time means it can be solved in polynomial time by a Turing Machine that cannot make phenomenally lucky guesses.

... Incidentally, I'm assuming you meant 'factoring composites'. Factoring prime numbers is most definitely in P. It's also in NC and Context-Free, but probably not Regular; you need a pushdown automaton to parse the number as you read it, which means a context-free language is required.

From yalla at fsfe.org Fri Nov 2 22:05:01 2007
From: yalla at fsfe.org (Alexander W. Janssen)
Date: Fri, 2 Nov 2007 22:05:01 +0100
Subject: RSA Weak?
In-Reply-To: <472B8FE9.4050608@sven-radde.de>
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B8FE9.4050608@sven-radde.de>
Message-ID:

On 11/2/07, Sven Radde wrote:
> Alexander W. Janssen wrote:
> >> In fact, some mathematician has proven that factoring is a polynomial
> >> problem, IIRC.
> >
> > A P-problem? Really?! Factoring primes is a polynomial problem nowadays?
> > Are you SURE about that?

> I think, I was referring to the primality test, which is known to be in
> P since sometime in 2002.

Ha, I made the same wrongful assumption. My fault. *Testing* primes is in a different class than *factoring* primes.

> Sorry, sorry, don't panic ;-)

:-)

> cu, Sven

Alex.

-- 
"I am tired of all this sort of thing called science here...
We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901.

From yalla at fsfe.org Fri Nov 2 22:12:48 2007
From: yalla at fsfe.org (Alexander W. Janssen)
Date: Fri, 2 Nov 2007 22:12:48 +0100
Subject: RSA Weak?
In-Reply-To:
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B902B.5080406@sixdemonbag.org>
Message-ID:

On 11/2/07, Robert J. Hansen wrote:
> Alexander W. Janssen wrote:
> > A P-problem? Really?! Factoring primes is a polynomial problem nowadays?
> > Are you SURE about that?
>
> Factoring is known to be in NP. Therefore, it is perfectly fair to say
> that it's a polynomial problem, as long as Sven is not claiming that
> it's deterministic polynomial, which he isn't.

We already sorted that out in that other posting.

> ... Incidentally, I'm assuming you meant 'factoring composites'.

That's what I meant initially.

> Factoring prime numbers is most definitely in P.

Hold on. Earlier you say "Factoring is known to be in NP". P is much smaller. I'm not familiar with the latest outcomes. So what do you mean?

> It's also in NC and
> Context-Free, but probably not Regular; you need a pushdown automaton to
> parse the number as you read it, which means a context-free language is
> required.

OK, there you got me. I only know the term context-free from languages.

Alex.

-- 
"I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901.
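The "RSA Weak?" thread above argues about how the number of primes changes when a key grows by one bit and quotes an approximation for it. The following is an added example, not code from any poster on this list: it counts the primes of exactly n bits with a sieve, compares the exact count with the prime number theorem estimate in its standard form X/ln X - Y/ln Y (X = 2**n, Y = 2**(n-1)), and reports the exact growth factor per added bit, which stays below 2 because primes thin out as numbers grow.

```python
# Added example for the "RSA Weak?" thread: how many primes have exactly
# n bits, how that count compares with the prime number theorem estimate,
# and by what factor it grows per added bit.  Not code from any poster.
import math


def sieve(limit):
    """Sieve of Eratosthenes: bytearray with is_prime[i] == 1 iff i is prime."""
    is_prime = bytearray([1]) * (limit + 1)
    is_prime[0] = is_prime[1] = 0
    for p in range(2, int(limit ** 0.5) + 1):
        if is_prime[p]:
            is_prime[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    return is_prime


def primes_with_bits(n, is_prime=None):
    """Exact number of primes whose binary length is exactly n bits,
    i.e. primes in the interval [2**(n-1), 2**n - 1]."""
    lo, hi = 1 << (n - 1), (1 << n) - 1
    if is_prime is None:
        is_prime = sieve(hi)
    return sum(is_prime[lo:hi + 1])


def pnt_estimate(n):
    """Prime number theorem estimate of the same count, X/ln X - Y/ln Y
    with X = 2**n and Y = 2**(n-1).  Poor for small n, better as n grows."""
    x, y = 2.0 ** n, 2.0 ** (n - 1)
    return x / math.log(x) - y / math.log(y)


def growth_ratio(n, is_prime=None):
    """Exact ratio (primes with n bits) / (primes with n-1 bits).
    One more bit doubles the keyspace but adds fewer than twice as many
    primes; the ratio tends to 2*(n-1)/n, i.e. it approaches 2 from below."""
    if n < 3:
        raise ValueError("need n >= 3: there are no 1-bit primes")
    if is_prime is None:
        is_prime = sieve((1 << n) - 1)
    return primes_with_bits(n, is_prime) / primes_with_bits(n - 1, is_prime)


def density_table(max_bits=20):
    """Rows (bits, exact count, rounded PNT estimate, density) for n = 2..max_bits,
    where density is the fraction of all n-bit integers that are prime."""
    is_prime = sieve((1 << max_bits) - 1)
    rows = []
    for n in range(2, max_bits + 1):
        exact = primes_with_bits(n, is_prime)
        rows.append((n, exact, round(pnt_estimate(n)), exact / (1 << (n - 1))))
    return rows


if __name__ == "__main__":
    table = density_table()
    is_prime = sieve((1 << table[-1][0]) - 1)
    for bits, exact, est, dens in table:
        ratio = f"  growth x{growth_ratio(bits, is_prime):.3f}" if bits >= 3 else ""
        print(f"{bits:2d} bits: {exact:6d} primes  PNT ~{est:6d}  density {dens:.4f}{ratio}")
```

Running it shows the two quantities the thread conflates: the keyspace (2**(n-1) integers of n bits) doubles per bit, while the number of primes grows by a factor that creeps up towards 2 but never reaches it, so the density of primes falls roughly like 1/(n ln 2). Neither number is the cost of factoring; that is governed by the sub-exponential algorithms mentioned later in the thread, which is why a 1024-bit modulus is compared to an 80-bit symmetric key rather than to a 1023-bit keyspace.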
From rjh at sixdemonbag.org  Fri Nov  2 22:21:44 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 02 Nov 2007 16:21:44 -0500
Subject: RSA Weak?
In-Reply-To: <472B81ED.2000901@sixdemonbag.org>
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B81ED.2000901@sixdemonbag.org>
Message-ID: <472B94E8.7040605@sixdemonbag.org>

Robert J. Hansen wrote:
> A keyspace of 1024 bits is double that of 1023 bits.  Prime numbers

s/is double/is not double/

My typo, sorry.

From yalla at fsfe.org  Fri Nov  2 22:03:10 2007
From: yalla at fsfe.org (Alexander W. Janssen)
Date: Fri, 2 Nov 2007 22:03:10 +0100
Subject: RSA Weak?
In-Reply-To: <472B8D43.5010200@sixdemonbag.org>
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B81ED.2000901@sixdemonbag.org> <472B8D43.5010200@sixdemonbag.org>
Message-ID: 

On 11/2/07, Robert J. Hansen wrote:
> A good first-order approximation for the number of primes with a certain
> number of bits is given by the formula:
>
> X = 2**number of bits
> Y = 2**(number of bits - 1)
>
> (X ln Y - Y ln X) / ((X ln Y) * (Y ln X))

Thanks. Though I must admit I must think about it before making a comment
on it.

> I don't know what you mean by 'scale by the same factor'.  But hey, if
> you want approximations, there you go.  For small numbers this will be
> off by a significant amount, but it asymptotically grows better.

Was meant to be read as: As you add a bit you double the keyspace, but
you said something else about it more below.

But your argument that it "asymptotically grows better" worries me when I
think of my concept of asymptotic - you mean, that the length of the key
and the probability of finding the factors converge?

> > However, the fact that primes get more rare when the keyspace is
> > expanded isn't necessarily connected to that point that you still need
> > to check the whole keyspace - which still grows linearly?
>
> If the keyspace grew linearly, it would be a trivial problem to factor.
> Just throw more cycles at it.

Not really; if it scales exponentially, it wouldn't worry me.

> The entire point is that the keyspace grows exponentially.

That's what I meant.

> You were
> arguing the exponential factor is two, which it's definitely not.

Uh. Did I say this? Yes, "doubles the keyspace"... Unlucky statement. Yet
true?

> In reality the exponential factor of difficulty added per bit changes
> depending on how large your key already is.  If your key is small,
> adding one bit can substantially increase your security.  If your key is
> large, adding one bit is a who-cares? proposition.

Is that related to the approximated formula - density of primes - you gave
above? Must think of it.

> If it helps, the National Institutes of Science and Technology (NIST)
> has estimated a 1024-bit key is roughly equivalent in computational
> complexity to an 80-bit symmetric key.

I read about it without further thinking about it.

Hey. I ain't no mathematician and last math-session at my Uni is years
ago... :)

> > In cleartext: Even if primes get more rare, you still need to find
> > your whole way through *all* numbers as long as you don't find a
> > better algorithm.
>
> Such as, say, the generalized number field sieve?

No, like in runtime, finding your way through the problem. But see below:

> > Putting probabilistic prime-tests aside.
>
> This has no connection whatsoever with factoring.  Miller-Rabin is used
> to test primality; it does not give you any useful information about the
> factors of a number.

And that was my problem: You are absolutely right: I was implying
(wrongly) that finding a prime is in the same class as *factoring*
primes. Which is absolutely wrong. Thanks for your clarification.

Makes more sense now, although I'm not entirely enlightened yet...

Alex.

-- 
"I am tired of all this sort of thing called science here...
We have spent millions in that sort of thing for the last few years, and
it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the
Smithsonian Institution, 1901.

From rjh at sixdemonbag.org  Fri Nov  2 22:27:02 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 02 Nov 2007 16:27:02 -0500
Subject: RSA Weak?
In-Reply-To: 
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B902B.5080406@sixdemonbag.org>
Message-ID: <472B9626.8040902@sixdemonbag.org>

Alexander W. Janssen wrote:
> > Factoring prime numbers is most definitely in P.
>
> Hold on. Earlier you say "Factoring is known to be in NP". P is much
> smaller. I'm not familiar with the latest outcomes. So what do you mean?

If you have a proof that P is much smaller than NP, a million bucks is
yours for the claiming.

Factoring, in the general case, is in NP.  Factoring, /specifically
applied to prime numbers/, is in Context-Free.

Like most math problems, there are certain special forms of problems that
are easier to solve than others.  If I ask you to factor 2,147,483,647,
well, that might take you a very long time.

If I tell you that 2,147,483,647 is a prime number (the eighth Mersenne)
and ask you to factor it, you don't have to do any computation at all:
you just give the number back to me and you're done.  You can skip the
entire computation step.

When numbers are in a special form, there often exist special purpose
algorithms that are much more efficient than the general purpose
algorithms one would otherwise be forced to use.

From yalla at fsfe.org  Fri Nov  2 22:31:55 2007
From: yalla at fsfe.org (Alexander W. Janssen)
Date: Fri, 2 Nov 2007 22:31:55 +0100
Subject: RSA Weak?
In-Reply-To: <472B947F.3070801@sixdemonbag.org>
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B902B.5080406@sixdemonbag.org> <472B947F.3070801@sixdemonbag.org>
Message-ID: 

On 11/2/07, Robert J. Hansen wrote:
> Alexander W. Janssen wrote:
> >> Factoring prime numbers is most definitely in P.
> >
> > Hold on. Earlier you say "Factoring is known to be in NP". P is much
> > smaller. I'm not familiar with the latest outcomes. So what do you mean?
>
> If you have a proof that P is much smaller than NP, a million bucks is
> yours for the claiming.
>
> Factoring, in the general case, is in NP.

I think we have a problem in nomenclature. Or, let's say, I have one.
Apparently P and NP don't mean the same to you and me. Considering that my
complexity-classes are years ago and you seem to know what you're talking
about, I just assume you're right. However, that means that I have to
rethink everything I think I know... Which is not a bad thing at all :)

> Factoring, /specifically applied to prime numbers/, is in Context-Free.

I still don't get what you mean with context-free in that context, but
I'll think about it.

> If I tell you that 2,147,483,647 is a prime number (the eighth Mersenne)
> and ask you to factor it, you don't have to do any computation at all:
> you just give the number back to me and you're done.  You can skip the
> entire computation step.

If they're special primes, that's for sure. Proved a long time ago...

> When numbers are in a special form, there often exist special purpose
> algorithms that are much more efficient than the general purpose
> algorithms one would otherwise be forced to use.

Right. But the p and q we use in RSA shouldn't be special :)

However. Since you just made me wonder about the meanings of P and NP,
I'll rethink and come back later.

Cheers, Alex.

-- 
"I am tired of all this sort of thing called science here...
We have spent millions in that sort of thing for the last few years, and
it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the
Smithsonian Institution, 1901.

From rjh at sixdemonbag.org  Fri Nov  2 22:13:44 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 02 Nov 2007 16:13:44 -0500
Subject: RSA Weak?
In-Reply-To: <472B8356.9030101@sven-radde.de>
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de>
Message-ID: <472B9308.80602@sixdemonbag.org>

Sven Radde wrote:
> In fact, some mathematician has proven that factoring is a polynomial
> problem, IIRC.

Well, we know it's in NP, since polytime verification is possible; and
there are strong arguments that it cannot be NP-HARD, because then it
would exist in both NP and Co-NP, which would lead to various proofs that
would collapse an awful lot of mathematics as we know it.

It's been (trivially) proven factoring exists in NP and also in Co-NP.
The open question is whether it is NP-HARD or Co-NP-HARD.  If it's
NP-HARD, then everybody is in a whole lot of trouble; a proof of
NP-HARDness would lead to a proof that factoring was NP-Complete, which
would mean that NP = Co-NP.  I'm blanking on precisely the consequences
after that, but I do recall that if NP = Co-NP then a lot of our
commonsense understanding of math gets turned on its ear.

I guess you could say we believe factoring is not NP-HARD because the
consequences of it being so are too catastrophic to consider.  :)

From rjh at sixdemonbag.org  Fri Nov  2 23:21:04 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 02 Nov 2007 17:21:04 -0500
Subject: RSA Weak?
In-Reply-To: 
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de> <472B902B.5080406@sixdemonbag.org> <472B947F.3070801@sixdemonbag.org>
Message-ID: <472BA2D0.5040800@sixdemonbag.org>

Alexander W. Janssen wrote:
> Apparently P and NP don't mean the same to you and me.

P: the set of all decision problems that can be solved in polynomial time
on a deterministic Turing machine.

NP: the set of all decision problems that can be solved in polynomial time
on a nondeterministic Turing machine.

Equivalently:

NP: the set of all decision problems whose answers can be verified in
polynomial time on a deterministic Turing machine.

We're handwaving a little bit by using phrases like P and NP to talk about
finding prime factors of composites.  Factorization is a function problem
as opposed to a decision problem; their analogues are FP and FNP.
However, the logic still holds, since polynomial-time function problems
can be reduced in polytime to decision problems.

>> If I tell you that 2,147,483,647 is a prime number (the eighth Mersenne)
>> and ask you to factor it, you don't have to do any computation at all:
>> you just give the number back to me and you're done.  You can skip the
>> entire computation step.
>
> If they're special primes, that's for sure. Proved a long time ago...

Not 'if they're special primes'.  /Any/ prime.  Factoring any prime is a
special case for factorization.  You don't have to do anything: you just
give the number back.

From malayter at gmail.com  Sat Nov  3 06:19:11 2007
From: malayter at gmail.com (Ryan Malayter)
Date: Sat, 3 Nov 2007 00:19:11 -0500
Subject: New OpenPGP standard published
In-Reply-To: <20071102155222.GA5428@jabberwocky.com>
References: <20071102155222.GA5428@jabberwocky.com>
Message-ID: <5d7f07420711022219y6b18aa61pd5c798d9ca958ef6@mail.gmail.com>

On Nov 2, 2007 10:52 AM, David Shaw wrote:
> The new OpenPGP standard has been published.  It was assigned RFC
> number 4880 (someone at the IETF has a sense of humor):

Is there an FAQ or other document which highlights only the changes and
improvements since 2440? The output of "diff rfc2440.txt rfc4880.txt"
didn't help me, and such a document isn't prominent on the OpenPGP WG
pages.
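Returning to the "RSA Weak?" thread above: Hansen's estimate of how many primes have a given number of bits, and Janssen's "adding a bit doubles the keyspace", can be put side by side numerically. The following is an added example, not code from the list; it sieves the exact count of n-bit primes and compares it with the prime number theorem estimate pi(X) - pi(Y) ~ X/ln X - Y/ln Y for X = 2**n, Y = 2**(n-1), which is a different expression from the one quoted in the thread.

```python
"""Added example, not code from the list: count the primes of each bit
length against the size of that bit length's keyspace, to put numbers to
the 'adding one bit doubles the keyspace, but primes get rarer' exchange in
the RSA Weak? thread.  Exact counts come from a sieve; the estimate is the
prime number theorem difference pi(X) - pi(Y) ~ X/ln X - Y/ln Y with
X = 2**n and Y = 2**(n-1), which is not the expression quoted in the thread.
"""
import math
from typing import List, Tuple


def primes_up_to(limit: int) -> List[int]:
    """Sieve of Eratosthenes: every prime p with 2 <= p <= limit."""
    if limit < 2:
        return []
    sieve = bytearray([1]) * (limit + 1)
    sieve[0] = sieve[1] = 0
    for p in range(2, int(limit ** 0.5) + 1):
        if sieve[p]:
            sieve[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    return [i for i, flag in enumerate(sieve) if flag]


def count_primes_with_bits(n: int) -> int:
    """Exact number of primes with exactly n bits: 2**(n-1) <= p < 2**n."""
    lo, hi = 1 << (n - 1), (1 << n) - 1
    return sum(1 for p in primes_up_to(hi) if p >= lo)


def estimate_primes_with_bits(n: int) -> float:
    """Prime number theorem estimate pi(X) - pi(Y), X = 2**n, Y = 2**(n-1)."""
    x, y = 2.0 ** n, 2.0 ** (n - 1)
    return x / math.log(x) - y / math.log(y)


def growth_table(max_bits: int) -> List[Tuple[int, int, int, float, float]]:
    """One row per bit length n from 2 to max_bits:
    (n, keyspace size 2**(n-1), exact prime count, PNT estimate,
     density = primes / keyspace).
    The keyspace doubles with every bit, while the density falls roughly
    like 1/ln(2**n): each extra bit buys proportionally fewer new primes
    the larger the key already is, which is the point Hansen makes."""
    rows = []
    for n in range(2, max_bits + 1):
        keyspace = 1 << (n - 1)
        exact = count_primes_with_bits(n)
        rows.append((n, keyspace, exact, estimate_primes_with_bits(n),
                     exact / keyspace))
    return rows


if __name__ == "__main__":
    print(f"{'bits':>4} {'keyspace':>9} {'primes':>7} {'PNT est':>9} {'density':>8}")
    for n, keyspace, exact, est, dens in growth_table(16):
        print(f"{n:>4} {keyspace:>9} {exact:>7} {est:>9.1f} {dens:>8.4f}")
```

For the very small bit lengths the PNT estimate is off by a lot, as Hansen says; the density column is what shrinks steadily once n is past a handful of bits.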
Thanks,
-- 
RPM

From zvrba at globalnet.hr  Sat Nov  3 07:28:06 2007
From: zvrba at globalnet.hr (Zeljko Vrba)
Date: Sat, 03 Nov 2007 07:28:06 +0100
Subject: RSA Weak?
In-Reply-To: <472B8356.9030101@sven-radde.de>
References: <472B4A7C.3040209@denstarfarm.us> <472B7379.7060604@sixdemonbag.org> <472B8356.9030101@sven-radde.de>
Message-ID: <87ejf7vo5l.fsf@globalnet.hr>

Sven Radde writes:
>
> In fact, some mathematician has proven that factoring is a polynomial
> problem, IIRC.
>
No, what they have proven is that *primality testing* is a polynomial
problem.

http://en.wikipedia.org/wiki/AKS_primality_test

From nabble at zaxx.ws  Sat Nov  3 20:48:17 2007
From: nabble at zaxx.ws (tharrson)
Date: Sat, 3 Nov 2007 12:48:17 -0700 (PDT)
Subject: GPG Mac questions
Message-ID: <13542105.post@talk.nabble.com>

I'm considering using GPG on Mac, but it seems a bit intimidating. Are
there any easy step-by-step setup instructions anywhere?

My correspondents tend to be Windows people who send me files encrypted
by PGP7. Will I be able to decrypt these on Mac with GPG?

From shavital at mac.com  Sat Nov  3 21:07:57 2007
From: shavital at mac.com (Charly Avital)
Date: Sat, 03 Nov 2007 16:07:57 -0400
Subject: GPG Mac questions
In-Reply-To: <13542105.post@talk.nabble.com>
References: <13542105.post@talk.nabble.com>
Message-ID: <472CD51D.40605@mac.com>

tharrson wrote:
> I'm considering using GPG on Mac, but it seems a bit intimidating. Are there
> any easy step-by-step setup instructions anywhere?
> My correspondents tend to be Windows people who send me files encrypted by
> PGP7. Will I be able to decrypt these on Mac with GPG?

Hi,

Please visit where you will find information, HOWTOs, and links.
This is *not* a RTFM answer, just a recommendation so that you get
yourself acquainted with MacGPG.

Afterwards, I shall be glad to try and help, and suggest that you
subscribe to the macgpg-users list , that is specific to Mac Users.

This does not mean that you wouldn't get feedback on this list
(gnupg-users), but it would be more convenient that you address your
queries to a Mac Forum.

Welcome!

Charly

From wk at gnupg.org  Sun Nov  4 14:44:03 2007
From: wk at gnupg.org (Werner Koch)
Date: Sun, 04 Nov 2007 14:44:03 +0100
Subject: New OpenPGP standard published
In-Reply-To: <5d7f07420711022219y6b18aa61pd5c798d9ca958ef6@mail.gmail.com> (Ryan Malayter's message of "Sat, 3 Nov 2007 00:19:11 -0500")
References: <20071102155222.GA5428@jabberwocky.com> <5d7f07420711022219y6b18aa61pd5c798d9ca958ef6@mail.gmail.com>
Message-ID: <871wb6t9b0.fsf@wheatstone.g10code.de>

On Sat,  3 Nov 2007 06:19, malayter at gmail.com said:

> Is there an FAQ or other document which highlights only the changes
> and improvements since 2440? The output of "diff rfc2440.txt
> rfc4880.txt" didn't help me, and such a document isn't prominent on
> the OpenPGP WG pages.

Not that I know.  There are many editorial changes so that even a diff
between the source form of the RFC is not meaningful.  We had 22 drafts
in the last 9 years.

I remember these new features:

 * MDC packets (you are using them for a long time).
 * A new format to protect secret keys.
 * Backsigs
 * New algorithms (AES, DSA-2, SHA-256 et al.)

but there are more.

Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.

From karadenizi at earthlink.net  Sun Nov  4 14:52:31 2007
From: karadenizi at earthlink.net (Kara)
Date: Sun, 04 Nov 2007 08:52:31 -0500
Subject: Meaning of "sig! N" self-signature
Message-ID: <472DCE9F.3080509@earthlink.net>

====

I've received a key with two userIDs (identity and keyIDs changed):

uid                  Dummy Name
sig! N      12345678 2007-10-29   [self-signature]

uid                  Dummy Name
sig!       123456789 2007-10-19   [self-signature]

====

Question 1: In the first userID's self-signature what does the "N"
indicate?

Question 2: And how would one generate such a self-signature.

Timestamp: Sun 04 Nov 07, 0852 Local (UTC -0500)

====

From dshaw at jabberwocky.com  Sun Nov  4 16:05:47 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 4 Nov 2007 10:05:47 -0500
Subject: Meaning of "sig! N" self-signature
In-Reply-To: <472DCE9F.3080509@earthlink.net>
References: <472DCE9F.3080509@earthlink.net>
Message-ID: <20071104150547.GA2975@jabberwocky.com>

On Sun, Nov 04, 2007 at 08:52:31AM -0500, Kara wrote:
> ====
>
> I've received a key with two userIDs (identity and keyIDs changed):
>
> uid                  Dummy Name
> sig! N      12345678 2007-10-29   [self-signature]
>
> uid                  Dummy Name
> sig!       123456789 2007-10-19   [self-signature]
>
> ====
>
> Question 1: In the first userID's self-signature what does
> the "N" indicate?

There is a notation on the signature.  A notation allows the issuer of
the signature to add special instructions or general information to be
seen by whoever verifies the signature.

> Question 2: And how would one generate such a self-signature.

  gpg --cert-notation "foo=bar"

This sets a notation named "foo" that contains the contents "bar".

David

From rjh at sixdemonbag.org  Sun Nov  4 17:15:23 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 04 Nov 2007 10:15:23 -0600
Subject: New OpenPGP standard published
In-Reply-To: <871wb6t9b0.fsf@wheatstone.g10code.de>
References: <20071102155222.GA5428@jabberwocky.com> <5d7f07420711022219y6b18aa61pd5c798d9ca958ef6@mail.gmail.com> <871wb6t9b0.fsf@wheatstone.g10code.de>
Message-ID: <472DF01B.4060103@sixdemonbag.org>

Werner Koch wrote:
> Not that I know.  There are many editorial changes so that even a diff
> between the source form of the RFC is not meaningful.  We had 22 drafts
> in the last 9 years.

Follow-up question: Has anyone ever come up with an EBNF for the format
of an OpenPGP message?

From email at sven-radde.de  Sun Nov  4 17:31:51 2007
From: email at sven-radde.de (Sven Radde)
Date: Sun, 04 Nov 2007 17:31:51 +0100
Subject: Meaning of "sig! N" self-signature
In-Reply-To: <20071104150547.GA2975@jabberwocky.com>
References: <472DCE9F.3080509@earthlink.net> <20071104150547.GA2975@jabberwocky.com>
Message-ID: <472DF3F7.2050604@sven-radde.de>

Hi!

David Shaw schrieb:
> A notation allows the issuer of
> the signature to add special instructions or general information to be
> seen by whoever verifies the signature.

Are there any conventions/suggestions for these notations? I mean,
something like "signer-key-url=http://..." or the like? Or is it fully
arbitrary?

cu, Sven

From dshaw at jabberwocky.com  Sun Nov  4 17:53:33 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 4 Nov 2007 11:53:33 -0500
Subject: Meaning of "sig! N" self-signature
In-Reply-To: <472DF3F7.2050604@sven-radde.de>
References: <472DCE9F.3080509@earthlink.net> <20071104150547.GA2975@jabberwocky.com> <472DF3F7.2050604@sven-radde.de>
Message-ID: <20071104165333.GA3346@jabberwocky.com>

On Sun, Nov 04, 2007 at 05:31:51PM +0100, Sven Radde wrote:
> Hi!
>
> David Shaw schrieb:
> > A notation allows the issuer of
> > the signature to add special instructions or general information to be
> > seen by whoever verifies the signature.
>
> Are there any conventions/suggestions for these notations? I mean,
> something like "signer-key-url=http://..." or the like? Or is it fully
> arbitrary?

The rule, according to RFC-4880 is that the notation name is in the form
of an email address: your-notation-name at your-domain.example.com or the
like.  This prevents collisions among different people (since their
domain is in the notation name).  There is a process in which a given
notation can be made an internet standard, and thus not need the '@'
sign, but there are no such standard notations yet.

David

From pg at futureware.at  Mon Nov  5 12:00:50 2007
From: pg at futureware.at (Philipp Gühring)
Date: Mon, 5 Nov 2007 12:00:50 +0100
Subject: UID management
Message-ID: <200711051200.51516.pg@futureware.at>

Hi,

I am missing the GPGME manual on the website:
http://www.gnupg.org/(en)/documentation/manuals.html

Does GPGME have UID management functionality?
I would need deluid to delete UIDs from keys, and I can't find it in the
documentation.

When I do
gpg --with-colons $file
then I get a list of UIDs in that file.

When I do a fresh
gpg --import $file
and then a
gpg --edit-key $uid
then I also get a list of those UIDs.

But that list is ordered differently.
Why is it ordered differently?
How are both lists ordered?

Best regards,
Philipp Gühring

From wk at gnupg.org  Mon Nov  5 12:24:41 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 05 Nov 2007 12:24:41 +0100
Subject: UID management
In-Reply-To: <200711051200.51516.pg@futureware.at> ("Philipp Gühring"'s message of "Mon, 5 Nov 2007 12:00:50 +0100")
References: <200711051200.51516.pg@futureware.at>
Message-ID: <87r6j5orye.fsf@wheatstone.g10code.de>

On Mon,  5 Nov 2007 12:00, pg at futureware.at said:

> Does GPGME have UID management functionality?

You need to use the edit feature and implement most things yourself.
See GPA for an implementation of this.

> Why is it ordered differently?
This is an implementation detail.

> How are both lists ordered?

The order is not specified.  OpenPGP does not define any order of UIDs.

Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.

From rc647bob at aim.com  Mon Nov  5 16:55:21 2007
From: rc647bob at aim.com (rc647bob at aim.com)
Date: Mon, 05 Nov 2007 10:55:21 -0500
Subject: Fwd: decrypt
In-Reply-To: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com>
References: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com>
Message-ID: <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com>

Returns mytest-1.cpp with no contents.  Am I using the correct key?

gpg --decrypt --recipient "abcba" mytest-1.cpp.gpg > mytest-1.cpp
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information

You need a passphrase to unlock the secret key for
user: "abcba"
gpg: encrypted with 2048-bit ELG-E key, ID 1A191739, created 2007-05-27
      "abcba"

bob.

From wk at gnupg.org  Mon Nov  5 18:03:31 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 05 Nov 2007 18:03:31 +0100
Subject: Fwd: decrypt
In-Reply-To: <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com> (rc647bob@aim.com's message of "Mon, 05 Nov 2007 10:55:21 -0500")
References: <8C9E58B5F1CD518-FE8-63CA@WEBMAIL-MA14.sysops.aol.com> <8C9EDDB67A599FD-CE4-3E46@WEBMAIL-DF06.sysops.aol.com>
Message-ID: <87fxzkmxp8.fsf@wheatstone.g10code.de>

On Mon,  5 Nov 2007 16:55, rc647bob at aim.com said:

> gpg --decrypt --recipient "abcba" mytest-1.cpp.gpg > mytest-1.cpp

gpg --decrypt --recipient "abcba" --output - mytest-1.cpp.gpg > mytest-1.cpp

Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.
From pg at futureware.at  Mon Nov  5 18:18:33 2007
From: pg at futureware.at (Philipp Gühring)
Date: Mon, 5 Nov 2007 18:18:33 +0100
Subject: UID management
In-Reply-To: <87r6j5orye.fsf@wheatstone.g10code.de>
References: <200711051200.51516.pg@futureware.at> <87r6j5orye.fsf@wheatstone.g10code.de>
Message-ID: <200711051818.34841.pg@futureware.at>

Hi,

Thanks for your answer!

Ok, I need the following:
1. I need a tool that lists me all the UIDs in a key.
2. Then I select the UIDs I need, and the UIDs I do not need
3. Then I need a tool that removes all selected unneeded UIDs from the key,
and returns me the stripped key.

Until now I tried to do the first step with gpg --with-colons and the third
step with gpg --edit-key by automating gpg.
But due to the ordering problem, this doesn't work.

> > Does GPGME have UID management functionality?
>
> You need to use the edit feature and implement most things yourself.
> See GPA for an implementation of this.

How likely will it be that such an implementation will break with the next
version? It doesn't sound like a stable, robust and secure way to me.

> > Why is it ordered differently?
>
> This is an implementation detail.

You mean an implementation bug? Or is there some structural problem that
doesn't allow for a robust ordering?
Are you sorting the UIDs while importing them for faster lookup?
Aren't you just copying the public key into the keyring directly?
Why isn't it ordered just in the same way it is written in the file?
Why is it reordered at all?
Why isn't the ordering configurable?

> > How are both lists ordered?
>
> The order is not specified.

How can I specify it then?

> OpenPGP does not define any order of UIDs.

Is that an issue that should be solved in the OpenPGP standard?
Can you write a proposal that would suit it?

Ok, which solution can you suggest?
Best regards,
Philipp Gühring

From frank at ezprintsolutions.com  Thu Nov  1 14:20:04 2007
From: frank at ezprintsolutions.com (jramro)
Date: Thu, 1 Nov 2007 06:20:04 -0700 (PDT)
Subject: GNuPG Newb
In-Reply-To: <4729BC6D.5000803@sven-radde.de>
References: <13510878.post@talk.nabble.com> <4729BC6D.5000803@sven-radde.de>
Message-ID: <13528567.post@talk.nabble.com>

The server/host I'm on already has a user/bin with the .gnupg. I've never
used it before so I don't know how to test it. The control panel only
allows you to see the key pair that was generated, nothing more. There's
no access to control safe modes, etc.

Is there a simple script to test this, just to send a basic test email?
I've tried a few gpg scripts so far, but the mail they send is blank. It
goes through to my email, but no text, nothing.

All of the websites I've researched only talk about the basics or the
logic and key pairs, generating keys, or setting up gnupg on your own
machine. Is there any comprehensive tutorial or scripts on how to make
the gnupg intercept the mail in the in/out pipe, as you say? If I already
have gnupg on the server/host, would I need to even have something like
Anubis on my machine?

Sven Radde-3 wrote:
>
> Hi!
>
> jramro schrieb:
>> I'm trying to send a php mail form and not able to get it to encrypt or
>> do
>> much of anything.
>
> First of all, make sure that you have access to the gpg executable from
> your php script and that safe mode and similar restrictions do not cause
> problems.
> Make also sure that the necessary keys are imported, set to trustworthy
> on the machine you are running GnuPG and the like.
>
>> I was a bit confused because I heard that PGP can intercept a mail form
>> through SMTP and encrypt it, but that GnuPG can not?
>
> What is confusing about the fact that different softwares can have a
> different set of features?
> It should however be reasonably easy to write a wrapper around GnuPG
> that works as an SMTP proxy if this is really necessary.
> Maybe someone
> can point you to an existing solution, I would be surprised if there
> wasn't one already.
> A quick look at
> turned up Anubis but I have no
> idea about the quality of that project (last update 2004 - either it's
> very stable or very abandoned or both).
>
>> Do I have to first output my mail form into a temp folder as a .txt
>> file,
>> and then encrypt the .txt file?
>
> You could do that, but gpg can also be used to handle piped standard
> in-/output. I think, this would be the preferred way.
>
> The command line would be roughly like:
> gpg --armor --recipient KEYID --encrypt
> --> write text to GnuPG stdin, terminate with EOF
> <-- read "PGP MESSAGE" from GnuPG stdout
>
> You can easily try this in the console.
>
>> When reaching last page, the mail form is assembled and populated and
>> sent.
>
> So, at this point, before passing the assembled mail body string to the
> PHP mail()-function, you could just pipe it through a call to gpg.
>
> HTH, Sven
From sven at radde.name  Fri Nov  2 16:58:44 2007
From: sven at radde.name (Sven Radde)
Date: Fri, 02 Nov 2007 16:58:44 +0100
Subject: key-restoration problem // secret sharing
In-Reply-To: <20071102134048.06B6ADA824@mailserver7.hushmail.com>
References: <20071102134048.06B6ADA824@mailserver7.hushmail.com>
Message-ID: <472B4934.7060105@radde.name>

vedaal at hush.com schrieb:
> > is there a section of the ascii-armored secret key block,
> > that by itself, is enough to reconstruct the secret key,
>
Based on the knowledge that paperkey exists, I would believe so.
Somewhere on your key will be the, e.g., 2048 bits that make it
'interesting'. It is reasonable to assume that they are in a contiguous
block and not scattered over the keyfile (given that GnuPG uses a
packet-structure for all its data).

> > and if so,
> > how can it be determined which part of the keyblock it is,
> > in order to make sure that that section is 'split' for sharing ?
>
I assume that splitting the ASCII-armor column-wise instead of line-wise
might be a good approximation ;-)

cu, Sven

PS: Vedaal, a mail sent to you off-list was apparently returned as
undeliverable.

From alexander.janssen at gmail.com  Fri Nov  2 18:52:03 2007
From: alexander.janssen at gmail.com (Alexander W. Janssen)
Date: Fri, 2 Nov 2007 18:52:03 +0100
Subject: New OpenPGP standard published
In-Reply-To: <87abpwva5w.fsf@wheatstone.g10code.de>
References: <20071102155222.GA5428@jabberwocky.com> <87abpwva5w.fsf@wheatstone.g10code.de>
Message-ID: 

On 11/2/07, Werner Koch wrote:
> I am going to celebrate that now with some pints of Füchschen at the
> Cafe Modigliani[1].  Feel free to join.

Why didn't you say that like an hour ago? Now I'm stuck with my wife,
cleaning the house... :-)

> Salam-Shalom,

Next time... Cheers!

> Werner

Alex.

> Thoughts are free.  Exceptions are governed by a federal law.

You're with us on Tuesday? http://tinyurl.com/2a3wga

-- 
"I am tired of all this sort of thing called science here...
We have spent millions in that sort of thing for the last few years, and
it is time it should be stopped." -- Simon Cameron, U.S. Senator, on the
Smithsonian Institution, 1901.

From 210525p42015 at denstarfarm.us  Tue Nov  6 01:05:37 2007
From: 210525p42015 at denstarfarm.us (Robert D.)
Date: Mon, 05 Nov 2007 19:05:37 -0500
Subject: Gen Key command done correctly
Message-ID: <472FAFD1.9030605@denstarfarm.us>

I tried to generate a key using commands in "Terminal" on my OS/X. This
is actually a learning experience for me done on purpose.

When I used gen-key, I got one, but at the end was told that I'd need to
generate a sub-key that I could use to actually encrypt.

So, what I am asking is where I went wrong?

I used the gpg --gen-key to generate a non-expiring 4096 RSA key; gave a
name and email address.

What would be the complete process done via the CLI?

thanks

From rjh at sixdemonbag.org  Tue Nov  6 02:12:23 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 05 Nov 2007 19:12:23 -0600
Subject: Gen Key command done correctly
In-Reply-To: <472FAFD1.9030605@denstarfarm.us>
References: <472FAFD1.9030605@denstarfarm.us>
Message-ID: <472FBF77.9040508@sixdemonbag.org>

Robert D. wrote:
> When I used gen-key, I got one, but at the end was told that I'd need to
> generate a sub-key that I could use to actually encrypt.

GnuPG uses "key pair" in two distinct senses.  One of them means a
public/private pair; and the other means two sets of public/private keys,
one set used for encryption and one set used for signing.  To
disambiguate, I'll refer to the latter as a key set, and a public/private
combination as a key pair.

By default, GnuPG only creates key sets for DSA/Elgamal keys.  It creates
a DSA key pair for signing and an Elgamal key pair for encryption.  For
RSA keys, GnuPG only creates a single key pair--a signing pair.

gpg --edit-key
addkey
6
...
and so on, and so on, and you'll have an encryption key pair added to your signing key pair, making it a completely usable key set. From ladislav.hagara at unob.cz Tue Nov 6 02:08:46 2007 From: ladislav.hagara at unob.cz (Ladislav Hagara) Date: Tue, 06 Nov 2007 02:08:46 +0100 Subject: Gen Key command done correctly In-Reply-To: <472FAFD1.9030605@denstarfarm.us> References: <472FAFD1.9030605@denstarfarm.us> Message-ID: <472FBE9E.7020900@unob.cz> > When I used gen-key, I got one, but at the end was told that I'd need to > generate a sub-key that I could use to actually encrypt. > \ > \ > > So,, what I am asking in where I went wrong? > > I used the gpg --gen-key to generate a non-expiring 4096 RSA key; gave a > name and email address. If you chose the default option ((1) DSA and Elgamal (default)) you would have both sign and decrypt keys now. You chose ((5) RSA (sign only)) so you have sign key only. You must run "gpg --edit-key" and then "addkey" command and choose key for encryption ((6) RSA (encrypt only)). -- Ladislav Hagara From 210525p42015 at denstarfarm.us Tue Nov 6 04:26:41 2007 From: 210525p42015 at denstarfarm.us (Robert D.) Date: Mon, 05 Nov 2007 22:26:41 -0500 Subject: Gen Key command done correctly In-Reply-To: <472FBE9E.7020900@unob.cz> References: <472FAFD1.9030605@denstarfarm.us> <472FBE9E.7020900@unob.cz> Message-ID: <472FDEF1.6020104@denstarfarm.us> whoops, I goofed the reply and reply-to-all buttons Ladislav Hagara said the following: . > You must run "gpg --edit-key" and then ... Next question ... Sub-key generated. Do I still encrypt to the original public key? And thus, is the sub-key used automatically? .. I ask because it's not intuitively obvious to me how I tell gpg to select that sub-key since Thunderbird already uses the key generated originally to the email address. 
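Sven's point earlier on this page that the secret material sits in one contiguous packet, and the addkey discussion about which key packets a key block actually contains, can both be checked mechanically. The Python below is an added example written for this page, not code from GnuPG, paperkey or anyone in the thread: it dearmors a key block (radix-64 plus the CRC-24 trailer of RFC 4880 section 6), walks the packet headers of section 4.2 and reports each packet's tag, body offset and length, and for key packets the version and public-key algorithm. SAMPLE_KEY_BLOCK is constructed filler with the right packet layout, not a real key, and the helper names are the example's own.

```python
import base64

# RFC 4880 section 4.3 packet tags that occur in key blocks.
PACKET_NAMES = {2: "signature", 5: "secret key", 6: "public key", 7: "secret subkey",
                13: "user ID", 14: "public subkey", 17: "user attribute"}
# RFC 4880 section 9.1 public-key algorithm IDs.
ALGO_NAMES = {1: "RSA (encrypt or sign)", 2: "RSA encrypt-only", 3: "RSA sign-only",
              16: "Elgamal (encrypt-only)", 17: "DSA (sign-only)"}


def crc24(data: bytes) -> int:
    """CRC-24 of OpenPGP ASCII armor (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(text: str) -> bytes:
    """Strip the armor lines, decode radix-64 and verify the '=XXXX' CRC line."""
    lines = text.strip().splitlines()
    if not lines[0].startswith("-----BEGIN PGP") or not lines[-1].startswith("-----END PGP"):
        raise ValueError("not an armored block")
    body = lines[1:-1]
    if "" in body:                       # armor headers (Version:, Comment:) end at the blank line
        body = body[body.index("") + 1:]
    data = base64.b64decode("".join(l for l in body if not l.startswith("=")))
    crc_lines = [l for l in body if l.startswith("=")]
    if crc_lines and int.from_bytes(base64.b64decode(crc_lines[0][1:]), "big") != crc24(data):
        raise ValueError("armor CRC mismatch")
    return data


def walk_packets(data: bytes):
    """Yield (tag, body_offset, body_length) for each packet of a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {pos}")
        if ctb & 0x40:                                   # new-format header (4.2.2)
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths do not occur in key blocks")
        else:                                            # old-format header (4.2.1)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                               # indeterminate: runs to end of data
                length, hdr = len(data) - pos - 1, 1
            else:
                nbytes = 1 << ltype                      # 1, 2 or 4 length octets
                length, hdr = int.from_bytes(data[pos + 1:pos + 1 + nbytes], "big"), 1 + nbytes
        yield tag, pos + hdr, length
        pos += hdr + length


def describe_key_block(armored: str):
    """One dict per packet; key packets get version and algorithm, user IDs their text."""
    data, out = dearmor(armored), []
    for tag, off, length in walk_packets(data):
        entry = {"tag": tag, "name": PACKET_NAMES.get(tag, "other"), "offset": off, "length": length}
        body = data[off:off + length]
        if tag in (5, 6, 7, 14):                         # v4 key: version(1) time(4) algo(1) ...
            entry["version"], entry["algorithm"] = body[0], ALGO_NAMES.get(body[5], f"algo {body[5]}")
        elif tag == 13:
            entry["user_id"] = body.decode("utf-8", "replace")
        out.append(entry)
    return out


def _packet(tag: int, body: bytes) -> bytes:
    """New-format header with a one- or two-octet body length (enough for the sample)."""
    if len(body) < 192:
        return bytes([0xC0 | tag, len(body)]) + body
    n = len(body) - 192
    return bytes([0xC0 | tag, (n >> 8) + 192, n & 0xFF]) + body


def _armor(data: bytes) -> str:
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PRIVATE KEY BLOCK-----", "Comment: constructed sample, not a real key", ""]
                     + [b64[i:i + 64] for i in range(0, len(b64), 64)]
                     + ["=" + crc, "-----END PGP PRIVATE KEY BLOCK-----"])


# Constructed sample: v4 RSA sign-only primary (tag 5), user ID (tag 13), v4 Elgamal
# secret subkey (tag 7). The key material octets are zero filler, not real keys.
_CREATED = (0x4733A4D1).to_bytes(4, "big")
SAMPLE_KEY_BLOCK = _armor(_packet(5, bytes([4]) + _CREATED + bytes([3]) + bytes(250))
                          + _packet(13, b"Alice Example <alice@example.org>")
                          + _packet(7, bytes([4]) + _CREATED + bytes([16]) + bytes(40)))

if __name__ == "__main__":
    for p in describe_key_block(SAMPLE_KEY_BLOCK):
        print(p)
```

describe_key_block reports where the secret-key packet (tag 5) and any secret-subkey packets (tag 7) begin and end, which is the region that has to go into a shared secret; everything else in the block is public. Whether an RSA subkey of algorithm 1 may encrypt is decided by the key-flags subpacket of its binding signature, which this walker does not parse; the algorithm octet settles it only for the encrypt-only and sign-only IDs.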
From dshaw at jabberwocky.com Tue Nov 6 05:27:36 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 5 Nov 2007 23:27:36 -0500
Subject: UID management
In-Reply-To: <200711051818.34841.pg@futureware.at>
References: <200711051200.51516.pg@futureware.at> <87r6j5orye.fsf@wheatstone.g10code.de> <200711051818.34841.pg@futureware.at>
Message-ID: <20071106042736.GA12890@jabberwocky.com>

On Mon, Nov 05, 2007 at 06:18:33PM +0100, Philipp Gühring wrote:
> Hi,
>
> Thanks for your answer!
>
> Ok, I need the following:
> 1. I need a tool that lists me all the UIDs in a key.
> 2. Then I select the UIDs I need, and the UIDs I do not need
> 3. Then I need a tool that removes all selected unneeded UIDs from the key,
> and returns me the stripped key.
>
> Until now I tried to do the first step with gpg --with-colons and the third
> step with gpg --edit-key by automating gpg.
> But due to the ordering problem, this doesn't work.

The ordering does not matter. GPG supports selecting a user ID by hash:

gpg --with-colons --list-keys (whatever)
....
uid:-::::2006-08-02::A8DCEA454269C4701E724839B04AEDD404BC21EB::Foo Bar :
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ this is the hash value

gpg --edit-key (whatever)
uid A8DCEA454269C4701E724839B04AEDD404BC21EB
deluid
save

David

From pelliott at io.com Tue Nov 6 04:33:52 2007
From: pelliott at io.com (Paul Elliott)
Date: Mon, 5 Nov 2007 21:33:52 -0600
Subject: converting between detached undetached signatures?
Message-ID: <20071106033352.GA12527@io.com>

Another user has created a digital signature. I do not have the secret key. I want to convert its form. There are two possibilities:

1) It is a detached signature, I want to convert it to a regular undetached signature. (I have the file that was signed.)

2) It is a regular not detached signature and I want to convert it to a detached signature.

Can this be done with some obscure gpg command? If no, perhaps someone has written a utility that can do this work?
Thank You

--
Paul Elliott                        1(512)837-1096
pelliott at io.com                    PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/    Austin TX 78758-3117

From dshaw at jabberwocky.com Tue Nov 6 06:29:54 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 6 Nov 2007 00:29:54 -0500
Subject: converting between detached undetached signatures?
In-Reply-To: <20071106033352.GA12527@io.com>
References: <20071106033352.GA12527@io.com>
Message-ID: <20071106052954.GB12890@jabberwocky.com>

On Mon, Nov 05, 2007 at 09:33:52PM -0600, Paul Elliott wrote:
>
> Another user has created a digital signature. I do not have
> the secret key. I want to convert its form. There are two
> possibilities:
>
> 1) It is a detached signature, I want to convert it to
> a regular undetached signature. (I have the file that
> was signed.)

gpg -z0 --store the-original-file
cat the-detached-sig.sig the-original-file.gpg > my-new-joined-file.gpg

Note that if the signature is a text-mode signature, you need to add --textmode to the --store command.

> 2) It is a regular not detached signature and
> I want to convert it to a detached signature.

Use gpgsplit to break the file up into packets. Note that you might need to use 'gpgsplit --uncompress' if the original file was compressed, and then run gpgsplit again on the uncompressed file. Find the file that ends in ".sig". That's the detached signature.

There are a few very obscure cases where you can't do these two tricks. If you have a textmode signature, and the original document has whitespace at the end of the line, and your other user is using PGP (not GPG) then you might have a problem. Incidentally, this is one of the things that RFC-4880 resolved.
David

From wk at gnupg.org Tue Nov 6 11:09:51 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 06 Nov 2007 11:09:51 +0100
Subject: UID management
In-Reply-To: <200711051818.34841.pg@futureware.at> (Philipp Gühring's message of "Mon, 5 Nov 2007 18:18:33 +0100")
References: <200711051200.51516.pg@futureware.at> <87r6j5orye.fsf@wheatstone.g10code.de> <200711051818.34841.pg@futureware.at>
Message-ID: <87zlxrlm6o.fsf@wheatstone.g10code.de>

On Mon, 5 Nov 2007 18:18, pg at futureware.at said:

>> See GPA for an implementation of this.
>
> How likely will it be that such an implementation will break with the next
> version? It doesn't sound like a stable, robust and secure way to me.

It won't break as long as you follow the main guideline to send a LF (i.e. no value) on unknown prompts.

> You mean an implementation bug? Or is there some structural problem that

It means that it is not specified and that the ordering may change at any time. As David explained, you should either use the UID hash to select a UID or use --edit-key --with-colons and compute the number of the uid by counting the "uid:" lines.

> doesn't allow for a robust ordering? Are you sorting the UIDs while importing
> them for faster lookup? Aren't you just copying the public key into the
> keyring directly?
> Why isn't it ordered just in the same way it is written in the file? Why is it
> reordered at all? Why isn't the ordering configurable?

Because the order has no semantic meaning.

> How can I specify it then?

man 1 sort

>> OpenPGP does not define any order of UIDs.
>
> Is that an issue that should be solved in the OpenPGP standard? Can you write
> a proposal that would suit it?

No. No.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From wk at gnupg.org Tue Nov 6 12:05:52 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 06 Nov 2007 12:05:52 +0100
Subject: New OpenPGP standard published
In-Reply-To: (Alexander W.
Janssen's message of "Fri, 2 Nov 2007 18:52:03 +0100")
References: <20071102155222.GA5428@jabberwocky.com> <87abpwva5w.fsf@wheatstone.g10code.de>
Message-ID: <87prynk50v.fsf@wheatstone.g10code.de>

On Fri, 2 Nov 2007 18:52, alexander.janssen at gmail.com said:

> You're with us on Tuesday? http://tinyurl.com/2a3wga

Sure. [1]

BTW, I do not like this centralized URL surveillance system to go to https://wiki.vorratsdatenspeicherung.de/Endspurt/Duesseldorf.

Shalom-Salam,

Werner

[1] Germany is about to legalize and enforce traffic analysis of all modern communication by requiring to save _all_ connection data and the location of mobile phones for 6 months. Obviously nicknamed Stasi-2.0.

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From jvc214 at yahoo.com Tue Nov 6 16:29:16 2007
From: jvc214 at yahoo.com (Jim Cook)
Date: Tue, 6 Nov 2007 07:29:16 -0800 (PST)
Subject: PGP encryption: block or stream cipher?
Message-ID: <993548.23556.qm@web51009.mail.re2.yahoo.com>

Does anyone know which type of cipher is used?

Thanks,
Jim

From rjh at sixdemonbag.org Tue Nov 6 18:49:40 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 06 Nov 2007 17:49:40 +0000
Subject: PGP encryption: block or stream cipher?
In-Reply-To: <993548.23556.qm@web51009.mail.re2.yahoo.com>
References: <993548.23556.qm@web51009.mail.re2.yahoo.com>
Message-ID: <4730A934.3000509@sixdemonbag.org>

Jim Cook wrote:
> Does anyone know which type of cipher is used?

No.

Well, block ciphers, but beyond that nobody can tell you very much. GnuPG supports a large number of block ciphers--probably too many. Which cipher is used for a particular message depends on both your preferences and your recipient's preferences. GnuPG does a variant of the stable-marriage problem to find a cipher that's mutually agreeable to both you and your recipient.

So no, without knowing what your and your recipient's preferences are, we really can't say which block ciphers are used.
To see which ciphers your version of GnuPG supports, enter:

gpg --version

From dirk.traulsen at lypso.de Tue Nov 6 18:42:33 2007
From: dirk.traulsen at lypso.de (Dirk Traulsen)
Date: Tue, 06 Nov 2007 18:42:33 +0100
Subject: New OpenPGP standard published
In-Reply-To: <20071102155222.GA5428@jabberwocky.com>
References: <20071102155222.GA5428@jabberwocky.com>
Message-ID: <4730B599.1132.4A11B54@dirk.traulsen.lypso.de>

On 2 Nov 2007 at 11:52, David Shaw wrote:
> The new OpenPGP standard has been published.

Congratulations for the new RFC!

But, since 2004, I report regularly at least once a year that the example for the Radix-64-Encoding in '6.5. Examples of Radix-64' on page 59 in the rfc is wrong.

With David Shaw on the board, I thought, it might be different, so I tried again and really...

On 13 Jun 2006 at 17:12, David Shaw wrote:
> I've spoken to the other folks and this will be fixed in the
> last-call for the RFC.

Now after all these versions there is a brand new rfc4880, but surprise, surprise, in this example embarrassingly 7 is still 0b1111, which leads to 0b100111, which is decimal not the correct 37, but 39. The same old error since at least NINE years in an example of how to use the standard.

Well, this gets really, really frustrating!

This is such a blatant error, which really cannot be disputed. If even such a simple error is never corrected, how would it be if I as no committee member really wanted to comment on something important in OpenPGP itself? A totally pointless effort, I'm sure.

Dirk

From email at sven-radde.de Tue Nov 6 21:20:31 2007
From: email at sven-radde.de (Sven Radde)
Date: Tue, 06 Nov 2007 21:20:31 +0100
Subject: PGP encryption: block or stream cipher?
Message-ID: <4730CC8F.8010103@sven-radde.de>

Hi!

Jim Cook wrote:
> Does anyone know which type of cipher is used?

GnuPG uses a number of block ciphers in a variant of CFB mode.
See RFC 4880, section 13.9 for more details on the mode of operation.
btw, can someone explain to me what the design rationale for that "variant" is? I did not find an explanation in the RFC as to *why* the design choices were made in that particular way. cu, Sven From dshaw at jabberwocky.com Tue Nov 6 22:23:50 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 6 Nov 2007 16:23:50 -0500 Subject: New OpenPGP standard published In-Reply-To: <4730B599.1132.4A11B54@dirk.traulsen.lypso.de> References: <20071102155222.GA5428@jabberwocky.com> <4730B599.1132.4A11B54@dirk.traulsen.lypso.de> Message-ID: <20071106212350.GA20471@jabberwocky.com> On Tue, Nov 06, 2007 at 06:42:33PM +0100, Dirk Traulsen wrote: > Am 2 Nov 2007 um 11:52 hat David Shaw geschrieben: > > The new OpenPGP standard has been published. > > Congratulations for the new RFC! > > But, since 2004, I report regularly at least once a year that the > example for the Radix-64-Encoding in '6.5. Examples of Radix-64' on > page 59 in the rfc is wrong. > > With David Shaw on the board, I thought, it might be different, so I > tried again and really... > > Am 13 Jun 2006 um 17:12 hat David Shaw geschrieben: > > I've spoken to the other folks and this will be fixed in the > > last-call for the RFC. > > Now after all these versions there is a brand new rfc4880, but > surprise, surprise, in this example embarrassingly 7 is still 0b1111, > which leads to 0b100111, which is decimal not the correct 37, but 39. > The same old error since at least NINE years in an example how to use > the standard. Drat. I did submit this, but it seems to have been accidentally left out when the document was published. I'll file it as an errata. Sorry about all that. 
David

From ladislav.hagara at unob.cz Tue Nov 6 23:39:41 2007
From: ladislav.hagara at unob.cz (Ladislav Hagara)
Date: Tue, 06 Nov 2007 23:39:41 +0100
Subject: Gen Key command done correctly
In-Reply-To: <472FDEF1.6020104@denstarfarm.us>
References: <472FAFD1.9030605@denstarfarm.us> <472FBE9E.7020900@unob.cz> <472FDEF1.6020104@denstarfarm.us>
Message-ID: <4730ED2D.807@unob.cz>

>> You must run "gpg --edit-key" and then ...
>
> Next question ...
>
> Sub-key generated.
>
> Do I still encrypt to the original public key?

Nobody can encrypt files for you if your public key doesn't contain an encrypt subkey.

> And thus, is the sub-key
> used automatically? .. I ask because it's not intuitively obvious to me
> how I tell gpg to select that sub-key since Thunderbird already uses the
> key generated originally to the email address.

The subkey will be used automatically. You just have to export your public key again and your partners have to import it (only this subkey will be really imported). Without an encrypting subkey, Thunderbird (Enigmail) will only be able to check your signature, but nobody will be able to encrypt email for you.

--
Ladislav Hagara

From dshaw at jabberwocky.com Tue Nov 6 23:43:11 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 6 Nov 2007 17:43:11 -0500
Subject: PGP encryption: block or stream cipher?
In-Reply-To: <4730CC8F.8010103@sven-radde.de>
References: <4730CC8F.8010103@sven-radde.de>
Message-ID: <20071106224311.GC20471@jabberwocky.com>

On Tue, Nov 06, 2007 at 09:20:31PM +0100, Sven Radde wrote:
> Hi!
>
> Jim Cook wrote:
> > Does anyone know which type of cipher is used?
>
> GnuPG uses a number of block ciphers in a variant of CFB mode.
> See RFC 4880, section 13.9 for more details on the mode of operation.
>
> btw, can someone explain to me what the design rationale for that
> "variant" is? I did not find an explanation in the RFC as to *why* the
> design choices were made in that particular way.

Short answer, it's historical.
There has just never been a strong reason to change it. David From 210525p42015 at denstarfarm.us Wed Nov 7 03:48:32 2007 From: 210525p42015 at denstarfarm.us (Robert D.) Date: Tue, 06 Nov 2007 21:48:32 -0500 Subject: removing a misplaced comment in UID Message-ID: <47312780.2010305@denstarfarm.us> I am sure I goofed. I am unsure how to correct it now that I sent my keys to the servers. When I made the revised keys, I put in /name/ and /comment/ and /email addy/ the *comment* part, I should have ignored. However I was thinking of the line seen often under "Version" a /note/ or /comment/ but I put the line in that UID comment field. Now I have this huge UID with /my name/ && "keys at so-and-so" && emailATemail can I remove the comment? thanks for the help (again) From dshaw at jabberwocky.com Wed Nov 7 04:23:40 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 6 Nov 2007 22:23:40 -0500 Subject: removing a misplaced comment in UID In-Reply-To: <47312780.2010305@denstarfarm.us> References: <47312780.2010305@denstarfarm.us> Message-ID: <20071107032340.GA21324@jabberwocky.com> On Tue, Nov 06, 2007 at 09:48:32PM -0500, Robert D. wrote: > I am sure I goofed. I am unsure how to correct it now that I sent my > keys to the servers. > > When I made the revised keys, I put in /name/ and /comment/ and /email addy/ > > the *comment* part, I should have ignored. However I was thinking of the > line seen often under "Version" a /note/ or /comment/ but I put the line > in that UID comment field. Now I have this huge UID with /my name/ && > "keys at so-and-so" && emailATemail > > can I remove the comment? Now that the key has been sent to the servers, no, you can't remove it. What you can do is revoke that user ID and make a new one that looks the way you want. This doesn't remove the old user ID, but does hide it so it is not seen in most cases. 
David From shavital at mac.com Wed Nov 7 17:01:00 2007 From: shavital at mac.com (Charly Avital) Date: Wed, 07 Nov 2007 11:01:00 -0500 Subject: Image viewer in gpg.conf Message-ID: <4731E13C.8070707@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, This is my first post to the Ubuntu list, and I am very new user of Ubuntu 7.10. I am Mac user since 1993, and a GnuPG user for at least 5 years. My system: Running Ubuntu 7.10 under Parallels for Mac 3.0 build 5160. MacOS X 10.5 (code name Leopard) Macbook Intel Core 2 Duo 2 GHz (i386), 2GB-RAM. GnuPG 1.4.7 and gpg2 2.0.7 I have installed: $ xloadimage -version Xloadimage version 4.1 by Jim Frost. Built on Linux terranova 2.6.12 #1 SMP Tue Aug 9 18:56:34 UTC 2005 i686 GNU/Linux I have enabled, in ~/.gnupg/gpg.conf: verify-options show-photos photo-viewer xloadimage When verifying messages that have been signed with a key that contains the owner's photo jpeg file, the picture is not shown. Thanks in advance for your feedback. Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRzHhOM3GMi2FW4PvAQjo7gf+IpDH8BBF7wsrm5esU/bypoZURauZbJ60 HhEhVoQMiTvQaMslHqV1iwh/JN3fbpN8lh/dHbayao0oyQL+HL+j//zlaNPhD2g4 V7iNZPifhNoBNj57b/QRBAOieOx9up7gvRkw/pI6xwdzNr6c+kwKKImOJWv3n5Pl 4GZRAGCFoWWGuwOYo7J9hy+ZI1rIzG8DORPjQooF28vVX11P7/XSkcGNF9VVKBeT kGr/mMQ12cWkRdhOhbc+aO3DEOK9AjLCUsYsMfQaqfABSnSjeW7oYQ6AdacXnRdh 2bJnaTHMHnZM7k5NAvFbBF3M8+8aQPTsAkDiTYUTnUVx4iDANnHWNw== =/O4C -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Wed Nov 7 17:27:13 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 7 Nov 2007 11:27:13 -0500 Subject: Image viewer in gpg.conf In-Reply-To: <4731E13C.8070707@mac.com> References: <4731E13C.8070707@mac.com> Message-ID: <20071107162713.GE25886@jabberwocky.com> On Wed, Nov 07, 2007 at 11:01:00AM -0500, Charly Avital wrote: > Hi, > This is my first post to the Ubuntu list, and I am very new user of > Ubuntu 
7.10. > > I am Mac user since 1993, and a GnuPG user for at least 5 years. > > My system: > Running Ubuntu 7.10 under Parallels for Mac 3.0 build 5160. > MacOS X 10.5 (code name Leopard) > Macbook Intel Core 2 Duo 2 GHz (i386), 2GB-RAM. > GnuPG 1.4.7 and gpg2 2.0.7 > > I have installed: > $ xloadimage -version > Xloadimage version 4.1 by Jim Frost. > Built on Linux terranova 2.6.12 #1 SMP Tue Aug 9 18:56:34 UTC 2005 i686 > GNU/Linux > > I have enabled, in ~/.gnupg/gpg.conf: > verify-options show-photos > photo-viewer xloadimage > > When verifying messages that have been signed with a key that contains > the owner's photo jpeg file, the picture is not shown. Try: photo-viewer "xloadimage %i" If I recall, xloadimage can't take data via stdin. David From shavital at mac.com Wed Nov 7 18:15:09 2007 From: shavital at mac.com (Charly Avital) Date: Wed, 07 Nov 2007 12:15:09 -0500 Subject: Image viewer in gpg.conf In-Reply-To: <20071107162713.GE25886@jabberwocky.com> References: <4731E13C.8070707@mac.com> <20071107162713.GE25886@jabberwocky.com> Message-ID: <4731F29D.6010506@mac.com> David Shaw wrote: > On Wed, Nov 07, 2007 at 11:01:00AM -0500, Charly Avital wrote: >> Hi, >> This is my first post to the Ubuntu list, and I am very new user of >> Ubuntu 7.10. >> >> I am Mac user since 1993, and a GnuPG user for at least 5 years. >> >> My system: >> Running Ubuntu 7.10 under Parallels for Mac 3.0 build 5160. >> MacOS X 10.5 (code name Leopard) >> Macbook Intel Core 2 Duo 2 GHz (i386), 2GB-RAM. >> GnuPG 1.4.7 and gpg2 2.0.7 >> >> I have installed: >> $ xloadimage -version >> Xloadimage version 4.1 by Jim Frost. >> Built on Linux terranova 2.6.12 #1 SMP Tue Aug 9 18:56:34 UTC 2005 i686 >> GNU/Linux >> >> I have enabled, in ~/.gnupg/gpg.conf: >> verify-options show-photos >> photo-viewer xloadimage >> >> When verifying messages that have been signed with a key that contains >> the owner's photo jpeg file, the picture is not shown. 
> > Try: > > photo-viewer "xloadimage %i" > > If I recall, xloadimage can't take data via stdin. > > David Thank you David, It works, both in Thunderbird+Enigmail, and in Evolution. Charly From volker at ixolution.de Wed Nov 7 18:38:24 2007 From: volker at ixolution.de (Volker Dormeyer) Date: Wed, 7 Nov 2007 18:38:24 +0100 Subject: Decryption using Smartcard using CCID and PCSCD driver In-Reply-To: <200711010807.26154.volker@ixolution.de> References: <200711010807.26154.volker@ixolution.de> Message-ID: <200711071838.25644.volker@ixolution.de> Hi, does nobody have an idea on this? Thanks, Volker * On Thursday 01 November 2007 08:07:25, * Volker Dormeyer wrote: > Hi, > > I'm experiencing problems decrypting an email I received, recently. > Decryption of other emails, even from the same sender works fine. > Although the other recipients of this particular email don't seem > to have a problem with the decryption of it. > > GPG tells me (recipients have been anonymised by xxxxxxxx, > except myself): > > volker at freedom:~$ gpg -v email.asc > gpg: armor header: Version: GnuPG v2.0.5 (GNU/Linux) > gpg: public key is xxxxxxxx > gpg: public key is 9107C5AC > gpg: using subkey 9107C5AC instead of primary key DB5349DB > gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.131 > gpg: public key is xxxxxxxx > gpg: public key is xxxxxxxx > gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx > gpg: encrypted with 2048-bit RSA key, ID xxxxxxxx, created xxxxxxxx > "other recipient " > gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx > gpg: encrypted with 1024-bit RSA key, ID xxxxxxxx, created xxxxxxxx > "other recipient " > gpg: using subkey 9107C5AC instead of primary key DB5349DB > gpg: encrypted with 1024-bit RSA key, ID 9107C5AC, created 2005-08-31 > "Volker Dormeyer " > gpg: public key decryption failed: general error > gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx > gpg: encrypted with 1024-bit RSA key, ID xxxxxxxx, created xxxxxxxx > 
"other recipient
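David's answer in the UID management thread earlier on this page selects a user ID by the hash in field 8 of the --with-colons listing, and Werner's follow-up names counting the "uid:" lines as the other way to number them. The Python below is an added example written for this page, not GPA's code and not GnuPG's, that does Philipp's three steps against a constructed listing: parse the colon records, list the user IDs with their position and hash, pick the ones to drop, and emit the uid <hash> / deluid / save script David gives. SAMPLE_LISTING and its hashes and key IDs are made up; the "y" after deluid is my assumption that the confirmation prompt has to be answered when the script is fed to gpg non-interactively.

```python
# Constructed sample of `gpg --with-colons --list-keys` output for one key.
# Hashes and key IDs are made up; the record layout follows GnuPG's doc/DETAILS
# (field 1 record type, 2 validity, 6 creation date, 8 uid hash, 10 user ID).
SAMPLE_LISTING = """\
tru::1:1194000000:0:3:1:5
pub:u:1024:17:B04AEDD404BC21EB:2006-08-02:::u:::scESC:
uid:u::::2006-08-02::A8DCEA454269C4701E724839B04AEDD404BC21EB::Foo Bar <foo@example.org>:
uid:u::::2007-01-15::0123456789ABCDEF0123456789ABCDEF01234567::Foo Bar (old job) <foo@example.com>:
uid:r::::2005-03-03::FEDCBA9876543210FEDCBA9876543210FEDCBA98::Foo Bar <foo@example.net>:
sub:u:2048:16:0011223344556677:2006-08-02::::::e:
"""


def unescape(field: str) -> str:
    """Undo the \\xNN escaping GnuPG applies to colons and other special bytes in a field."""
    raw, i = bytearray(), 0
    while i < len(field):
        if field.startswith("\\x", i) and i + 4 <= len(field):
            raw.append(int(field[i + 2:i + 4], 16))
            i += 4
        else:
            raw += field[i].encode("utf-8")
            i += 1
    return raw.decode("utf-8", "replace")


def parse_colons(listing: str):
    """Step 1a: split every non-empty line into its colon-separated fields."""
    return [line.split(":") for line in listing.splitlines() if line.strip()]


def list_user_ids(listing: str):
    """Step 1b: (number, hash, user ID, validity) for each uid record.
    The number is the position among "uid:" records, which is the order
    `gpg --edit-key` shows them in; the hash is what we actually select by."""
    uids = []
    for fields in parse_colons(listing):
        if fields[0] == "uid":
            uids.append((len(uids) + 1, fields[7], unescape(fields[9]), fields[1]))
    return uids


def hashes_to_delete(listing: str, keep_substring: str):
    """Step 2: everything whose user ID does not contain keep_substring goes."""
    return [h for _, h, uid, _ in list_user_ids(listing) if keep_substring not in uid]


def edit_key_script(hashes) -> str:
    """Step 3: the --edit-key command stream. Assumption: deluid asks for a y/N
    confirmation, so each deletion is followed by 'y'."""
    lines = []
    for h in hashes:
        lines += [f"uid {h}", "deluid", "y"]
    return "\n".join(lines + ["save"]) + "\n"


if __name__ == "__main__":
    for n, h, uid, validity in list_user_ids(SAMPLE_LISTING):
        print(f"({n}) [{validity}] {h}  {uid}")
    print(edit_key_script(hashes_to_delete(SAMPLE_LISTING, "@example.org")), end="")
```

The generated script is meant to be piped in with something like gpg --command-fd 0 --status-fd 2 --edit-key <keyid> < script (an assumption about the non-interactive invocation, consistent with Werner's guideline of answering unknown prompts with an empty line). Selecting by hash rather than by number is the point of David's answer: the number depends on an order OpenPGP does not define, the hash does not.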
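Sven's question in the block-or-stream-cipher thread about what the CFB "variant" actually is, and David's answer that it is historical, are easier to follow with the mode written out. The block below is an added example for this page, not GnuPG code and not anything posted in the thread: it implements the RFC 4880 section 13.9 procedure (zero IV, a BS+2 octet random prefix whose last two octets are repeated, and the resynchronisation of the feedback register after the prefix) over a generic block-encrypt function. So that it runs without a crypto library, the block function is a stand-in built from SHA-256; that is an assumption for the demo, not one of the ciphers GnuPG offers, and KEY, PREFIX_RANDOM and SAMPLE_PLAINTEXT are constructed values.

```python
import hashlib

BS = 16  # block size in octets (AES, Twofish, Camellia); CAST5 or 3DES would use 8


def make_block_fn(key: bytes):
    """Encrypt direction of a 'block cipher'. Assumption: a keyed PRF built from
    SHA-256, used only so the example needs no crypto library. CFB never calls
    the decrypt direction, so a real AES encrypt function drops in unchanged."""
    def encrypt_block(block: bytes) -> bytes:
        assert len(block) == BS
        return hashlib.sha256(key + block).digest()[:BS]
    return encrypt_block


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def openpgp_cfb_encrypt(encrypt_block, plaintext: bytes, prefix_random: bytes) -> bytes:
    """RFC 4880 section 13.9: CFB with a zero IV, a BS+2 octet prefix and one resync."""
    assert len(prefix_random) == BS
    fr = bytes(BS)                                    # step 1: IV of all zeros
    fre = encrypt_block(fr)                           # step 2
    c = bytearray(_xor(fre, prefix_random))           # step 3: C[1..BS]
    fre = encrypt_block(bytes(c))                     # steps 4-5: feed C[1..BS] back
    c += _xor(fre[:2], prefix_random[BS - 2:])        # step 6: C[BS+1..BS+2] carry the
                                                      #   repeated last two random octets
    fr = bytes(c[2:BS + 2])                           # step 7: resync, FR = C[3..BS+2]
    for i in range(0, len(plaintext), BS):            # steps 8-13: ordinary CFB from here
        fre = encrypt_block(fr)
        chunk = plaintext[i:i + BS]
        out = _xor(fre[:len(chunk)], chunk)
        c += out
        if len(chunk) == BS:                          # a short final block is never fed back
            fr = bytes(out)
    return bytes(c)


def openpgp_cfb_decrypt(encrypt_block, ciphertext: bytes) -> bytes:
    """Inverse of the above. The repeated octets form a 16-bit 'quick check' on the
    key; a mismatch raises ValueError."""
    if len(ciphertext) < BS + 2:
        raise ValueError("shorter than the OpenPGP CFB prefix")
    prefix = _xor(encrypt_block(bytes(BS)), ciphertext[:BS])
    check = _xor(encrypt_block(ciphertext[:BS])[:2], ciphertext[BS:BS + 2])
    if check != prefix[BS - 2:]:
        raise ValueError("quick check failed: wrong key or damaged prefix")
    fr = ciphertext[2:BS + 2]                         # the same resync as the encryptor
    out, body = bytearray(), ciphertext[BS + 2:]
    for i in range(0, len(body), BS):
        chunk = body[i:i + BS]
        out += _xor(encrypt_block(fr)[:len(chunk)], chunk)
        fr = chunk
    return bytes(out)


def quick_check_rejects(encrypt_block, ciphertext: bytes) -> bool:
    try:
        openpgp_cfb_decrypt(encrypt_block, ciphertext)
    except ValueError:
        return True
    return False


# Constructed inputs for the stand-alone run. A real implementation draws
# PREFIX_RANDOM from a CSPRNG for every message; it plays the role of the IV.
KEY = b"constructed session key"
PREFIX_RANDOM = bytes(range(BS))
SAMPLE_PLAINTEXT = b"The quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    enc = make_block_fn(KEY)
    ct = openpgp_cfb_encrypt(enc, SAMPLE_PLAINTEXT, PREFIX_RANDOM)
    print(len(ct), "octets of ciphertext for", len(SAMPLE_PLAINTEXT), "of plaintext")
    print(openpgp_cfb_decrypt(enc, ct))
    damaged = bytearray(ct)
    damaged[BS] ^= 0x01                               # flip one quick-check octet
    print("quick check rejects damaged prefix:", quick_check_rejects(enc, bytes(damaged)))
```

The two repeated octets let a decryptor notice a wrong session key before it processes the body, which is all the "quick check" was ever for. Mister and Zuccherato showed in 2005 that a decryptor which reveals quick-check failures to whoever submits ciphertexts acts as an oracle, so the ValueError above is for local diagnosis only; message integrity in OpenPGP comes from the MDC packet (tag 18), not from this check.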